Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] TPKT-Wrapping of H.248 Messages

From: "Luis EG Ontanon" <luis@xxxxxxxxxxx>
Date: Fri, 27 Jun 2008 13:56:35 +0200
The problem is that Wireshark won't decode TPKT where version != 3. In
your case the verion is 0x33.

Is that right or that's a fault on the MG's TPKT implementation?

\\Lego

On Fri, Jun 27, 2008 at 12:17 PM, Umut Emin <j.s.bach@xxxxxxxxxxx> wrote:
> Hello,
>
> i have the following question:
>
> if i send a h.248 message (over TCP) wrapped with tpkt header, wireshark doesn't recognize
> the h.248 transfer. It shows me a package of TPKT protocol with info "Continuation"
> which is fine. As i want to see what is in the package it doesn't form an expected
> structure like:
> TPKT: version:3 length:1024
> MEGACO:.
>       ..
>       ....
>
> It shows the h.248 message as a raw "Data".
>
> Now my application creates a TPKT header as explained in RFC 1006 which means:
>
> version no = 3  (1 byte)
> reserved = 0x01 (1 byte)
> message length = 1024 (2 bytes) [including the tpkt header]
>
> and these values are added as 4 bytes in the beginning of the send buffer. Now i wonder
> if wireshark is not able to work with tpkt on h.248 yet?
>
> For clarity, i included a dump from the wire (see package no:4) as attachment.
>
> Thanx in advance.
> Umut
>
>
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-users
>
>



-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan