On Oct 1, 2008, at 3:31 PM, Mike Louis wrote:
I am working with Microsoft OCS
Microsoft Office Communications Server? (Not everybody here's
familiar with all of Microsoft's initialisms.)
RTP streams and I noticed that I could not report on the UDP streams
using RTP until I did a decode as “rtp”.
At least according to the Wikipedia page for Microsoft Office
Communications Server, it uses SIP for signaling, so *IF* your network
capture includes the SIP traffic, it should be able to recognize the
traffic.
If your capture *doesn't* include the SIP traffic, the only way
Wireshark can recognize RTP traffic without human help is by looking
at the packets and guessing that they're RTP. The code we have to do
that doesn't check a lot of fields in the packet, so it probably runs
a significant risk of identifying non-RTP traffic as RTP. We
therefore made that not the default; if you want Wireshark to be able
to automatically recognize RTP traffic even if you *didn't* capture
the signaling traffic that set the RTP stream up, you'll need to go to
the Edit -> Preferences dialog, select the "RTP" preferences under
"Protocols", and set the "Try to decode RTP outside of conversations"
option.
