Wireshark-users: Re: [Wireshark-users] openvpn and packet sniffing
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 05 Dec 2006 11:20:55 -0800
Bill Fassler wrote:
I'm working development of a VoIP project which is using openvpn on the server side. Debugging is very tricky because I can't see the RTP packets.

"Can't see" in what sense?

Is there any mechanism or plugin for wireshark or ethereal that would allow me to see the RTP packets?

If "can't see" means that the packets aren't in the capture, that's probably an issue with whatever capture mechanism you're using, so it can't be fixed at the Wireshark level.

If "can't see" means that the packets *are* in the capture but aren't recognized by Wireshark as RTP packets, then try either

1) try turning the "try to decode RTP outside of conversations" preference for RTP on (that causes RTP to try to guess what packets are RTP packets - the problem is that there's no fixed port number used by RTP, and no reliable signature to identify RTP packets, so it has to guess, and it might guess wrong)

or

2) use the "Decode As" option to force the RTP packets to be decoded as such.