
Wireshark mailing list archives

RTP dissector in Lua not chained with SDP setup info present and post-dissector not saved in pdml
From: Jonathan Poff <jonathan.poff () taitradio com>
Date: Mon, 28 Jan 2013 09:53:29 +1300

Hi, I'm pretty much a Wireshark noob, but...

I'm trying to analyze some RTP streams, some of which are set up by SIP
(with some additional features).

I'm writing packet dissectors in Lua, but there are a couple of problems.
As far as I can tell, if I use a chained dissector and add it to the udp
dissector table where udp.port == [port of interest] then the dissector
works fine EXCEPT where the builtin Wireshark RTP dissector has added a
'Stream setup by SDP' subtree.  I'm not sure how Wireshark determines which
packets are RTP other than as part of a SIP conversation, but I haven't had
any luck attaching a dissector to these packets.

The most reliable way is to disable the RTP protocol and dissect the RTP
headers myself, but then I lose the stream setup by info that Wireshark
provides.  I can probably do this myself with Lua but it seems like a lot
of extra work, given my level of expertise.  I would prefer to take
advantage of all of Wireshark's built-in RTP dissectors and just add my
stuff at the end.

Which leads me to my second problem.  A post dissector actually works fine,
is easy to write and accomplishes EVERYTHING I need, EXCEPT for the fact
that the post dissector tree IS NOT WRITTEN to an exported .PDML file.
This is a blocking issue for me as I'm doing further analysis with this
file.

I'd be very grateful for any pointers on what is causing the SDP setup info
dissector to disable my dissector and how to make it work.  Failing that,
is exporting of post dissector info to .pdml problematic, or is this just
an omission that could be fixed in the source?  (I'm not keen to build
Wireshark myself as I'm using windoze, but maybe if this is an easy fix,
somebody could submit a patch?).

Cheers,

-- 
*Jonathan Poff*
*Senior Design Engineer*
Tait Communications
DDI: +64 3 3579816
Email: jonathan.poff () taitradio com


www.taitradio.com

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
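
The post-dissector approach described in the message above, as an added example that is not part of the original post or of Wireshark's own code: it runs after the built-in RTP dissector and reads that dissector's fields through field extractors, so the 'Stream setup by SDP' handling stays in place. The protocol name `rtpx` and its `rtpx.*` fields are hypothetical; `rtp.payload`, `rtp.ssrc` and `rtp.setup-method` are assumed to be the built-in dissector's field names.

```lua
-- Added example: "rtpx" and the rtpx.* field names are hypothetical.
local rtpx = Proto("rtpx", "RTP Extra Analysis (example)")

local pf_ssrc  = ProtoField.uint32("rtpx.ssrc", "SSRC from built-in RTP", base.HEX)
local pf_setup = ProtoField.string("rtpx.setup_method", "Stream setup method")
local pf_len   = ProtoField.uint16("rtpx.payload_len", "Payload length", base.DEC)
local pf_first = ProtoField.uint8("rtpx.first_byte", "First payload byte", base.HEX)
rtpx.fields = { pf_ssrc, pf_setup, pf_len, pf_first }

-- Extractors for fields of the built-in RTP dissector (names assumed; they can
-- be checked with `tshark -G fields`). They must be created at load time,
-- not inside the dissector function.
local f_payload = Field.new("rtp.payload")
local f_ssrc    = Field.new("rtp.ssrc")
local f_setup   = Field.new("rtp.setup-method")

function rtpx.dissector(tvb, pinfo, tree)
    -- An extractor returns one FieldInfo per occurrence in the frame.
    local payloads = { f_payload() }
    if #payloads == 0 then return end      -- not RTP: add nothing

    local ssrc, setup = f_ssrc(), f_setup()
    for _, fi in ipairs(payloads) do
        local range = fi.range             -- TvbRange covering the RTP payload
        local sub = tree:add(rtpx, range)

        -- Values copied from the built-in dissector are marked as generated.
        if ssrc then sub:add(pf_ssrc, ssrc.value):set_generated() end
        if setup then sub:add(pf_setup, tostring(setup.value)):set_generated() end
        sub:add(pf_len, range:len()):set_generated()

        -- Payload-specific parsing would start here; guard against empty payloads.
        if range:len() > 0 then
            sub:add(pf_first, range:range(0, 1))
        end
    end
end

-- Run after all regular dissectors instead of registering on udp.port.
register_postdissector(rtpx)
```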
