Wireshark-users: Re: [Wireshark-users] Microsoft OCS

From: Mike Louis <MLouis@xxxxxxxxx>
Date: Wed, 1 Oct 2008 19:00:01 -0400
Awesome. thanks

-----Original Message-----
From: Guy Harris <guy@xxxxxxxxxxxx>
Sent: Wednesday, October 01, 2008 6:56 PM
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Microsoft OCS


On Oct 1, 2008, at 3:31 PM, Mike Louis wrote:

> I am working with Microsoft OCS

Microsoft Office Communications Server?  (Not everybody here's
familiar with all of Microsoft's initialisms.)

> RTP streams and I noticed that I could not report on the UDP streams
> using RTP until I did a decode as “rtp”.

At least according to the Wikipedia page for Microsoft Office
Communications Server, it uses SIP for signaling, so *IF* your network
capture includes the SIP traffic, it should be able to recognize the
traffic.

If your capture *doesn't* include the SIP traffic, the only way
Wireshark can recognize RTP traffic without human help is by looking
at the packets and guessing that they're RTP.  The code we have to do
that doesn't check a lot of fields in the packet, so it probably runs
a significant risk of identifying non-RTP traffic as RTP.  We
therefore made that not the default; if you want Wireshark to be able
to automatically recognize RTP traffic even if you *didn't* capture
the signaling traffic that set the RTP stream up, you'll need to go to
the Edit -> Preferences dialog, select the "RTP" preferences under
"Protocols", and set the "Try to decode RTP outside of conversations"
option.
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users


Note: This message and any attachments is intended solely for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, legally privileged, confidential, and/or exempt from disclosure.  If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited.  If you have received this communication in error, please notify the original sender immediately by telephone or return email and destroy or delete this message along with any attachments immediately.