So you have just captured a SIP call with SRTP media and wondering why your wireshark is showing you RTP packets , these should be encrypted and hidden. Note that header for RTP \ SRTP is same. The only difference is that the payload in encrypted in SRTP. So you will very well see the RTP packets in a SRTP call, but you can't play the media as payload is encrypted in SRTP.
If wireshark is not already showing you RTP packets, you can right click, decode as & choose RTP. (The UDP packets are then shown as RTP).
How do you know that the RTP payload is encrypted? Well there is no straight forward way to know. The way to find is make a call, send some DTMF digits and look at the packets what is sent. If you see the dialed digits in capture then it's not SRTP. If you see no digits or wrong digints in capture then it's SRTP.
I am an IOT enthusiast with more than 20 years of experience in the IT sector. Specializing in telecom service's; follow me for some very innovative and best in class IOT products as I unfold my knowledge and passion for the subject.
Just me, myself and I, exploring the universe of uknownment. I have a heart of love and interests in technology, IOT and travel . And I want to share my world with you .