I have a strange issue while trying to capture RTP (UDP) traffic. I have a phone using IP 192.168.9.4 and a Windows 2003 PC connected to the same switch (actually to the monitor port of the switch - that's how I'm able to sniff the traffic).
When I run:
windump -i <interface_name> -tnnq
I can see all the RTP traffic of an open VOIP connection, but when I run:
windump -i <interface_name> -tnnq host 192.168.9.4
.. or even ..
windump -i <interface_name> -tnnq udp
I cannot see RTP traffic at all.
I'm using RTP in the description because I think I saw 1 UDP packet - ARP somewhere during my tests, so maybe not all UDP is affected.
I tried to connect my laptop to the monitoring port (Win7) and in both scenarios it worked OK (I was able to see RTP traffic from the phone).
Any ideas what I can check to find out what's wrong in the config of my Windows 2003 machine?