Countermeasures
- Although Wireshark does not decode RTP natively, there are various ways in which you can use Wireshark to view or capture RTP packets.
- For example, you can set up your network interface so that it is a promiscuous mode, that is it will accept all traffic on the network interface. You can then use Wireshark to set a filter and also configure a capture filter. You can also use the decapsulate-RTP plug-in to automatically decode an incoming RTP stream and display it in the GUI as soon as you scan its traffic on your network interface using Live Capture mode.
What is RTP in Wireshark?
RTP stands for Real-Time Protocol, which is a protocol that allows the transmission of streaming media over an IP-based network. The protocol determines how audio and video data will be encoded, transmitted, and packaged in data packets along with the information necessary to decode the data at its destination. The communication endpoints involved in an RTP session are called participants. The two participants in an RTP session are called the RTP sender and the RTP receiver.