Wireshark-users: Re: [Wireshark-users] TPKT-Wrapping of H.248 Messages

From: "Luis EG Ontanon" <luis@xxxxxxxxxxx>
Date: Fri, 27 Jun 2008 14:41:52 +0200
It's an ASCII TPKT...

The code to decode it is commented out...

http://anonsvn.wireshark.org/viewvc/index.py/trunk/epan/dissectors/packet-tpkt.c?revision=23480&view=markup

Can you create an "Enhancement" bug report, requesting that ASCII TPKT
be decoded, and attach the one trace you sent?

Thanks,


On Fri, Jun 27, 2008 at 2:27 PM, Umut Emin <j.s.bach@xxxxxxxxxxx> wrote:
> which stands for 3 in ascii table,
> 0x33 [hex]= 51[decimal] = 3 [char]
> so the version should be right. ;)
>
> -----Original Message-----
> Date: Fri, 27 Jun 2008 13:56h
> From: "Luis EG Ontanon" <luis@xxxxxxxxxxx>
> To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
> Subject: Re: [Wireshark-users] TPKT-Wrapping of H.248 Messages
>
>
> The problem is that Wireshark won't decode TPKT where version != 3. In
> your case the version is 0x33.
>
> Is that right, or is that a fault in the MG's TPKT implementation?
>
> \\Lego
>
> On Fri, Jun 27, 2008 at 12:17 PM, Umut Emin <j.s.bach@xxxxxxxxxxx> wrote:
>> Hello,
>>
>> I have the following question:
>>
>> If I send an H.248 message (over TCP) wrapped with a TPKT header, Wireshark doesn't recognize
>> the H.248 transfer. It shows me a package of TPKT protocol with info "Continuation"
>> which is fine. As I want to see what is in the package it doesn't form an expected
>> structure like:
>> TPKT: version:3 length:1024
>> MEGACO:.
>>       ..
>>       ....
>>
>> It shows the h.248 message as a raw "Data".
>>
>> Now my application creates a TPKT header as explained in RFC 1006 which means:
>>
>> version no = 3  (1 byte)
>> reserved = 0x01 (1 byte)
>> message length = 1024 (2 bytes) [including the tpkt header]
>>
>> and these values are added as 4 bytes in the beginning of the send buffer. Now I wonder
>> if Wireshark is not able to work with TPKT on H.248 yet?
>>
>> For clarity, I included a dump from the wire (see package no:4) as attachment.
>>
>> Thanx in advance.
>> Umut
>>
>>
>>
>> _______________________________________________
>> Wireshark-users mailing list
>> Wireshark-users@xxxxxxxxxxxxx
>> https://wireshark.org/mailman/listinfo/wireshark-users
>>
>>
>
>
>
> --
> This information is top security. When you have read it, destroy yourself.
> -- Marshall McLuhan



-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
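
The version check discussed in this thread, as an added example that is not part of the original messages and is not Wireshark's dissector code: it parses the 4-byte RFC 1006 header described above, reports a version byte of 0x33 (the character '3') separately from other bad versions, and bounds the length field against the bytes actually available. The function names, status codes and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define TPKT_HDR_LEN 4
enum tpkt_status { TPKT_OK, TPKT_TRUNCATED, TPKT_ASCII_VERSION,
                   TPKT_BAD_VERSION, TPKT_BAD_LENGTH };
struct tpkt_hdr { uint8_t version, reserved; uint16_t length; };

/* Parse one header: version (1 byte, must be 3), reserved (1 byte),
 * length (2 bytes, big-endian, counting the 4 header bytes as well). */
enum tpkt_status tpkt_parse(const uint8_t *p, size_t avail, struct tpkt_hdr *h)
{
    if (avail < TPKT_HDR_LEN) return TPKT_TRUNCATED;
    h->version  = p[0];
    h->reserved = p[1];
    h->length   = (uint16_t)((p[2] << 8) | p[3]);
    if (h->version == 0x33) return TPKT_ASCII_VERSION;      /* '3' sent as text */
    if (h->version != 3) return TPKT_BAD_VERSION;
    if (h->length < TPKT_HDR_LEN) return TPKT_BAD_LENGTH;   /* cannot cover header */
    if (h->length > avail) return TPKT_TRUNCATED;           /* never read past buffer */
    return TPKT_OK;
}

/* Walk a TCP payload and count complete TPKT PDUs.
 * *why receives the status that ended the walk (TPKT_OK = clean end). */
size_t tpkt_count(const uint8_t *buf, size_t len, enum tpkt_status *why)
{
    size_t off = 0, n = 0;
    struct tpkt_hdr h;
    *why = TPKT_OK;
    while (off < len && (*why = tpkt_parse(buf + off, len - off, &h)) == TPKT_OK) {
        off += h.length;   /* length >= 4 here, so the walk always advances */
        n++;
    }
    return n;
}

/* Constructed samples (not taken from the attached trace): 6-byte payload. */
const uint8_t sample_binary[] = { 0x03, 0x00, 0x00, 0x0a, 'M','E','G','A','C','O' };
const uint8_t sample_ascii[]  = { 0x33, 0x00, 0x00, 0x0a, 'M','E','G','A','C','O' };

int main(void)
{
    enum tpkt_status why;
    size_t n = tpkt_count(sample_ascii, sizeof sample_ascii, &why);
    printf("ascii sample: %zu PDU(s), stop status %d\n", n, (int)why);
    return 0;
}
```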