Wireshark-bugs: [Wireshark-bugs] [Bug 5693] New: SRTP packets wrongly marked as RTP

Date: Tue, 15 Feb 2011 01:34:50 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5693

           Summary: SRTP packets wrongly marked as RTP
           Product: Wireshark
           Version: 1.4.3
          Platform: x86
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: singhujjwal@xxxxxxxxx


Created an attachment (id=5941)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5941)
SIP call capture for SRTP packets

Build Information:
Version 1.4.3 (SVN Rev 35482 from /trunk-1.4)

Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.16.6, with GLib 2.22.4, with WinPcap (version
unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, with
SMI 0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5,
with Gcrypt 1.4.5, with MIT Kerberos, with GeoIP, with PortAudio V19-devel
(built Jan 11 2011), with AirPcap.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1.2
(packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 2.8.5, Gcrypt 1.4.5, without AirPcap.
--

I was capturing SRTP packets with Wireshark and I feel that there is a bug in
Wireshark when the negotiation of SIP messages is done in SRTP best effort mode.
An INVITE is sent with two "m=" lines, one with the SAVP profile for SRTP and
the other "m=" line with the AVP profile for RTP. The other end accepts the first
"m=" line for SAVP and sets the port of the second "m=" line to zero to
indicate it has accepted SRTP mode. After session negotiation it starts sending
SRTP in both ways.

Wireshark marks the packet from the originator end correctly as SRTP but
wrongly marks the packet from the callee side as RTP.
Please find the pcap file attached for this scenario. Please let me know if
this is a bug in Wireshark.

Thanks for the help,
Ujjwal Singh
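The scenario in the report is an SDP offer/answer exchange (RFC 3264): the offer carries two "m=" lines, the answer keeps the SAVP one and rejects the AVP one by setting its port to 0, and a capture analyser must then treat traffic in both directions of the surviving stream as SRTP. The following is an added illustration, not code from the bug report or from Wireshark's SDP/RTP dissectors. It pairs offer and answer "m=" lines by position, drops rejected streams, and classifies a packet's 4-tuple in either direction. The addresses, ports, session descriptions and the all-zero a=crypto key are constructed for the example.

```python
"""Pair SDP offer/answer m= lines and classify packets as SRTP or RTP.

Constructed example (not Wireshark code). Addresses, ports and the SDP
bodies below are made up; the a=crypto inline key is an all-zero dummy.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class MediaLine:
    media: str    # e.g. "audio"
    port: int     # 0 means the answerer rejected this stream (RFC 3264)
    profile: str  # "RTP/AVP" (plain RTP) or "RTP/SAVP" (SRTP)
    addr: str     # effective connection address from c=


def parse_sdp(text: str) -> List[MediaLine]:
    """Return the m= lines of an SDP body with their effective c= address.

    A c= line before any m= line is session-level; a c= line after an m= line
    applies to that media description only.
    """
    session_addr: Optional[str] = None
    lines: List[MediaLine] = []
    for raw in text.splitlines():
        raw = raw.strip()
        if len(raw) < 2 or raw[1] != "=":
            continue
        key, value = raw[0], raw[2:]
        if key == "c":  # c=IN IP4 192.0.2.10
            addr = value.split()[2]
            if lines:
                last = lines[-1]
                lines[-1] = MediaLine(last.media, last.port, last.profile, addr)
            else:
                session_addr = addr
        elif key == "m":  # m=audio 49170 RTP/SAVP 0 8  (port may be "49170/2")
            media, port, profile = value.split()[:3]
            lines.append(MediaLine(media, int(port.split("/")[0]),
                                   profile, session_addr or ""))
    return lines


def negotiate(offer: str, answer: str) -> List[Tuple[MediaLine, MediaLine]]:
    """Pair offer and answer m= lines by position, keeping only accepted streams."""
    o, a = parse_sdp(offer), parse_sdp(answer)
    if len(o) != len(a):
        raise ValueError("answer must carry one m= line per offered m= line")
    accepted = []
    for om, am in zip(o, a):
        if om.port == 0 or am.port == 0:
            continue  # rejected by one side; no media will flow
        if om.profile != am.profile:
            raise ValueError(f"profile mismatch: {om.profile} vs {am.profile}")
        accepted.append((om, am))
    return accepted


def classify(streams, src_addr: str, src_port: int,
             dst_addr: str, dst_port: int) -> Optional[str]:
    """Label a packet 'SRTP' or 'RTP' in either direction, or None if unknown."""
    ends = {(src_addr, src_port), (dst_addr, dst_port)}
    for om, am in streams:
        if ends == {(om.addr, om.port), (am.addr, am.port)}:
            return "SRTP" if am.profile.endswith("SAVP") else "RTP"
    return None


# Constructed offer: SAVP first, AVP fallback second (SRTP best-effort style).
OFFER = """v=0
o=alice 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 49170 RTP/SAVP 0 8
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
m=audio 49172 RTP/AVP 0 8
"""

# Constructed answer: accepts the SAVP line, rejects the AVP line with port 0.
ANSWER = """v=0
o=bob 1 1 IN IP4 198.51.100.20
s=-
c=IN IP4 198.51.100.20
t=0 0
m=audio 5004 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
m=audio 0 RTP/AVP 0 8
"""


def demo() -> Tuple[Optional[str], Optional[str], Optional[str]]:
    """Classify callee->caller, caller->callee, and a packet on the rejected stream."""
    streams = negotiate(OFFER, ANSWER)
    callee_to_caller = classify(streams, "198.51.100.20", 5004, "192.0.2.10", 49170)
    caller_to_callee = classify(streams, "192.0.2.10", 49170, "198.51.100.20", 5004)
    rejected = classify(streams, "192.0.2.10", 49172, "198.51.100.20", 5006)
    return callee_to_caller, caller_to_callee, rejected


if __name__ == "__main__":
    print(demo())
```

The callee-to-caller packet, the direction the report says Wireshark labels as RTP, comes out as SRTP here because the classifier keys on the negotiated pair of endpoints and the answer's profile rather than on one side's "m=" line alone; a packet on the port-0 stream is not attributed to any session.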
