Can Bro capture SIP and RTP traffic irrespective of
port the streams they use?
No. For one, Bro doesn't have RTP or SIP analyzers. In addition, it
doesn't have the capability to analyze applications that are not running
on known ports, though addressing this is on the to-do list and I believe
some students are gearing up to tackle it.
Vern