Hello,
i have the following question:
if i send a h.248 message (over TCP) wrapped with tpkt header, wireshark doesn't recognize
the h.248 transfer. It shows me a package of TPKT protocol with info "Continuation"
which is fine. As i want to see what is in the package it doesn't form an expected
structure like:
TPKT: version:3 length:1024
MEGACO:.
..
....
It shows the h.248 message as a raw "Data".
Now my application creates a TPKT header as explained in RFC 1006 which means:
version no = 3 (1 byte)
reserved = 0x01 (1 byte)
message length = 1024 (2 bytes) [including the tpkt header]
and these values are added as 4 bytes in the beginning of the send buffer. Now i wonder
if wireshark is not able to work with tpkt on h.248 yet?
For clarity, i included a dump from the wire (see package no:4) as attachment.
Thanx in advance.
Umut
Attachment:
tpkt_h248_wrapping.pcap
Description: tpkt_h248_wrapping.pcap
