Preference Settings of RTP in Wireshark
There are some preferences that can be configured to improve the performance of Wireshark. These settings can be accessed by going to “ Edit→Preferences “.
- Interface: RTP is disabled on untrusted networks unless using SSL.
- Display: Limit each packet summary to only once per conversation. This is helpful if you have large capture files with lots of traffic toward one person or a few people (i.e., if you are doing long-term surveillance of someone). When this preference is disabled, Wireshark will show every packet several times for the same conversation, which can be very annoying when you have a lot of traffic and/or large capture files (i.e., several gigabytes).
- Apply the same text styling to all packets for a conversation: This is helpful if you want to process a large capture file and want to do some sort of processing/analysis on packet contents, as opposed to conversation metadata (who talked with whom when etc.). When disabled, you can apply different colors/fonts/etc. to different conversations. For example, if your capture file contains both conversations on the client side (e.g., IM) and server-side (e.g., HTTP), using a different font for each of them makes it easier to read the output of your processing script.
What is RTP in Wireshark?
RTP stands for Real-Time Protocol, which is a protocol that allows the transmission of streaming media over an IP-based network. The protocol determines how audio and video data will be encoded, transmitted, and packaged in data packets along with the information necessary to decode the data at its destination. The communication endpoints involved in an RTP session are called participants. The two participants in an RTP session are called the RTP sender and the RTP receiver.