Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 2368] Wireshark decodes all G.711 packets as T.38 after a

Date: Thu, 15 Jan 2009 07:05:53 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2368


Jakob Hirsch <jh.wireshark-bugzilla@xxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jh.wireshark-
                   |                            |bugzilla@xxxxxxxx
         OS/Version|Windows XP                  |All
           Platform|PC                          |All
            Version|0.99.8                      |1.0.5




--- Comment #5 from Jakob Hirsch <jh.wireshark-bugzilla@xxxxxxxx>  2009-01-15 07:05:50 PDT ---
(In reply to comment #4)
> This is a hard one to get it fixed... RTP chooses the subdissector to use based
> on what has been learnt by SDP.
> 
> The issue here is that here:
>  A frame containing SDP changes the subdissector to T.38, and there's no way
> for SDP to know that the change was rejected in a later frame.

actually, the subdissector should only be changed if the request is
acknowledged with a 200, not before. This seems to already happen with the
party sending the re-INVITE.

To be clear about this:

Current behaviour (obviously, at least with 1.0.5 and 1.1.1):

(state: call established)
- Both A's and B's media is decoded as RTP
- A sends re-invite with T.38
- B's media is decoded as T.38, A's media is still decoded as RTP
- B sends "200 OK" -> Both A's and B's media is decoded as T.38,
  everything else keeps RTP as A's media type
...

Correct behaviour:

(state: call established)
- Both A's and B's media is decoded as RTP
- A sends re-invite with T.38
- Both A's and B's media is still decoded as RTP
- B sends "200 OK" -> Both A's and B's media is decoded as T.38,
  everything else keeps RTP as media type for both sides
...

So if you'd just move the dissector change for both sides to the time when the
200 is received, it should work as it should.

I never looked at the wireshark code, but if you are too busy to do that (I
tend to think it's only a small change, but you never know), I could try and
change that.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.