Wireshark-users: Re: [Wireshark-users] Requesting command to decode UDP packet to RTP
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Fri, 7 Apr 2017 08:26:37 +0200
On 06-04-17 22:23, Guy Harris wrote:
> On Apr 6, 2017, at 1:04 PM, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:
> 
>> ... but isn't it always the same story; "how to get UDP dissected as RTP"? I
>> can't remember the question being asked the other way around....
> 
> Enabling the heuristic solves two problems: "how to get UDP traffic that's RTP traffic dissected as RTP" and "how to get UDP traffic that's *not* RTP traffic *mis*dissected as RTP". :-)  It's a *very* weak heuristic, and could get a lot of non-RTP traffic misdissected as RTP.
> 

Indeed an interesting 'solution' for that second problem :)

> Therefore, you might not want to permanently turn the heuristic dissector on - you might want to turn it on for some captures but leave it off for others.

You might not want to do that, unless you consider that it is rather common that
people interested in RTP over UDP are working in that field (media distribution
in whatever shape or form), hence *always* need this, despite the occasional
misdissection. That's why I prefer to advise changing this dissection
preference, instead of 'piling on the command line options'.

But, as you say, either way solves the problem, and causes another.

Thanks,
Jaap