We have a high amount of unknown application data coming in from sflow. Upon investigation, I've realised it's RTP traffic for a SIP service.
Given that RTP can operate on any port, how do we get rid of the large amount of Unknown Application items?
I'm especially intrigued because in the Protocol pie chart it shows as Unknown, even though it's UDP.