Articles

Wireshark Preferences File and RTP Streams

1 min read

CloudShark includes the ability to visualize RTP streams and play them back if they contain audio. For SIP calls, CloudShark will automatically decode the conversation as an RTP stream. However, for other protocols RTP will generally use a random port - not immediately apparent to CloudShark.

You can easily work around this using CloudShark’s “decode as” feature, which tells CloudShark to treat data on a given port as a particular protocol of your choice.

Interestingly enough, however, Wireshark has a “switch” in its preferences that let you automatically treat RTP streams as RTP even if they are not involved in a protocol conversation.

This is a Wireshark preferences setting. Wouldn’t it be neat if you could use it in CloudShark? It turns out that you can.

Follow these steps to create a Wireshark preferences file in your CloudShark Appliance. Once it is created, you can change the following variable:

rtp.heuristic_rtp: TRUE

After that, restart your caching system and CloudShark will identify and decode all RTP streams. You can then use the RTP Streams tool to visualize and play back your RTP Streams.