Ethereal-users: Re: [Ethereal-users] RTP protocol

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Tue, 16 Jan 2001 17:05:34 -0800 (PST)
> Has anyone ever tried to capture and dissect RTP packets? Well, when I
> tried doing that, all I got was as if UDP was carrying some raw data, and
> not RTP packets.

(Time for this one to go into the FAQ.)

Ethereal can identify a UDP datagram as containing a packet of a
particular protocol running atop UDP only if

	1) the protocol in question has a particular standard port
	   number, and the UDP source or destination port number is that
	   port;

	2) packets of that protocol can be identified by looking for a
	   "signature" of some type in the packet - i.e., some data
	   that, if Ethereal finds it in some particular part of a
	   packet, means that the packet is almost certainly a packet of
	   that type;

	3) some *other* traffic earlier in the capture indicated that,
	   for example, UDP traffic between two particular addresses and
	   ports will be RTP traffic.

RTP doesn't have a standard port number, so 1) doesn't work; it doesn't,
as far as I know, have any "signature", so 2) doesn't work.

That leaves 3).  If there's RTSP traffic that sets up an RTP session,
then, at least in some cases, the RTSP dissector will set things up so
that subsequent RTP traffic will be identified.  Currently, that's the
only place we do that; there may be other places.

However, I suspect there will always be places where Ethereal is simply
*incapable* of deducing that a given UDP flow is RTP, and a UI will be
needed to allow the user to specify that a given conversation should be
treated as RTP.  There is currently not sufficient infrastructure to
support that at all well; it will probably appear in the future.
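
The three identification methods listed in the message above, modelled as an added Python example; it is not Ethereal's code and not from the original message. All names, the lookup order (conversation table, then port, then heuristic), the STUN heuristic used to illustrate method 2, and the sample RTSP reply are assumptions made for illustration.

```python
import re

PORT_TABLE = {53: "DNS", 69: "TFTP"}      # 1) well-known UDP ports
HEURISTICS = [                             # 2) payload "signatures"
    # STUN (RFC 5389) carries a fixed magic cookie at bytes 4..7.
    ("STUN", lambda p: len(p) >= 20 and p[4:8] == b"\x21\x12\xa4\x42"),
]
conversations = {}                         # 3) flows announced by earlier traffic
# Constructed sample input (not from a real capture).
RTSP_REPLY = ("RTSP/1.0 200 OK\r\nCSeq: 2\r\n"
              "Transport: RTP/AVP;unicast;client_port=5000-5001;"
              "server_port=6970-6971\r\n\r\n")
RTP_PACKET = bytes([0x80, 0x60]) + bytes(10)   # minimal 12-byte RTP header

def conv_key(a, ap, b, bp):
    """Direction-independent key for a UDP flow between two endpoints."""
    return tuple(sorted([(a, ap), (b, bp)]))

def learn_from_rtsp(client, server, text):
    """Record the RTP/RTCP flows named in an RTSP Transport header."""
    line = re.search(r"^Transport:\s*RTP/AVP[^\r\n]*", text, re.M | re.I)
    if not line:
        return 0
    ranges = {}
    for name in ("client_port", "server_port"):
        m = re.search(name + r"=(\d+)(?:-(\d+))?", line.group(0))
        if not m:
            return 0           # both ends are needed to key the flow
        ranges[name] = [int(g) for g in m.groups() if g]
    protos = ("RTP", "RTCP")   # first port of each pair is RTP, second RTCP
    pairs = list(zip(ranges["client_port"], ranges["server_port"], protos))
    for cport, sport, proto in pairs:
        conversations[conv_key(client, cport, server, sport)] = proto
    return len(pairs)

def classify(src, sport, dst, dport, payload):
    """Return the protocol name for one UDP datagram, or "data" if unknown."""
    proto = conversations.get(conv_key(src, sport, dst, dport))
    if proto:
        return proto
    for port in (sport, dport):
        if port in PORT_TABLE:
            return PORT_TABLE[port]
    for name, matches in HEURISTICS:
        if matches(payload):
            return name
    return "data"
```

The same RTP datagram is reported as plain data until the RTSP reply that announces its ports has been seen, which is the behaviour the original question ran into.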