Wireshark-users: Re: [Wireshark-users] TPKT-Wrapping of H.248 Messages
From: "Luis EG Ontanon" <luis@xxxxxxxxxxx>
Date: Fri, 27 Jun 2008 14:41:52 +0200
It's an Ascii TPKT... The code to decode it is commented out... http://anonsvn.wireshark.org/viewvc/index.py/trunk/epan/dissectors/packet-tpkt.c?revision=23480&view=markup Can you create an "Enhancement" Bug report, requesting for ascii TPKT to be decoded and attaching the one trace you sent. Thanks, On Fri, Jun 27, 2008 at 2:27 PM, Umut Emin <j.s.bach@xxxxxxxxxxx> wrote: > which stands for 3 in ascii table, > 0x33 [hex]= 51[decimal] = 3 [char] > so the version should be right. ;) > > -----Ursprüngliche Nachricht----- > Datum: Fri, 27 Jun 2008 13:56h > Von: "Luis EG Ontanon" <luis@xxxxxxxxxxx> > An: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx> > Betreff: Re: [Wireshark-users] TPKT-Wrapping of H.248 Messages > > > The problem is that Wireshark won't decode TPKT where version != 3. In > your case the verion is 0x33. > > Is that right or that's a fault on the MG's TPKT implementation? > > \\Lego > > On Fri, Jun 27, 2008 at 12:17 PM, Umut Emin <j.s.bach@xxxxxxxxxxx> wrote: >> Hello, >> >> i have the following question: >> >> if i send a h.248 message (over TCP) wrapped with tpkt header, wireshark doesn't recognize >> the h.248 transfer. It shows me a package of TPKT protocol with info "Continuation" >> which is fine. As i want to see what is in the package it doesn't form an expected >> structure like: >> TPKT: version:3 length:1024 >> MEGACO:. >> .. >> .... >> >> It shows the h.248 message as a raw "Data". >> >> Now my application creates a TPKT header as explained in RFC 1006 which means: >> >> version no = 3 (1 byte) >> reserved = 0x01 (1 byte) >> message length = 1024 (2 bytes) [including the tpkt header] >> >> and these values are added as 4 bytes in the beginning of the send buffer. Now i wonder >> if wireshark is not able to work with tpkt on h.248 yet? >> >> For clarity, i included a dump from the wire (see package no:4) as attachment. >> >> Thanx in advance. >> Umut >> >> >> >> _______________________________________________ >> Wireshark-users mailing list >> Wireshark-users@xxxxxxxxxxxxx >> https://wireshark.org/mailman/listinfo/wireshark-users >> >> > > > > -- > This information is top security. When you have read it, destroy yourself. > -- Marshall McLuhan > _______________________________________________ > Wireshark-users mailing list > Wireshark-users@xxxxxxxxxxxxx > https://wireshark.org/mailman/listinfo/wireshark-users > > > > > _______________________________________________ > Wireshark-users mailing list > Wireshark-users@xxxxxxxxxxxxx > https://wireshark.org/mailman/listinfo/wireshark-users > -- This information is top security. When you have read it, destroy yourself. -- Marshall McLuhan
- References:
- Re: [Wireshark-users] TPKT-Wrapping of H.248 Messages
- From: Umut Emin
- Re: [Wireshark-users] TPKT-Wrapping of H.248 Messages
- Prev by Date: Re: [Wireshark-users] TPKT-Wrapping of H.248 Messages
- Next by Date: Re: [Wireshark-users] Question about RTP stream analysis window
- Previous by thread: Re: [Wireshark-users] TPKT-Wrapping of H.248 Messages
- Next by thread: [Wireshark-users] HTTP GET /(none) ??
- Index(es):
- Get Wireshark
- Download
- Code of Conduct