
Wireshark-dev: [Wireshark-dev] SRTP dissection

From: Neil Piercy <Neil.Piercy@xxxxxxxxxxxx>
Date: Wed, 21 Jun 2006 18:19:58 +0100
I've started looking at adding SRTP dissection to Wireshark - anyone else already doing this?

The way I'm heading at present is to add it on the side of RTP/RTCP dissection (in the same files) as it really modifies the payload only, and has no signalling of its presence in the header (only out of band signalling such as MGCP, and it needs the same hooks into other protocols such as MGCP to do this as RTP does).

I'm planning on doing phases:-

a) ensure RTP doesn't try to pass on the encrypted payload to the payload dissectors, and RTCP doesn't try to dissect it (pretty easy & almost done)

b) add auth support (slightly harder, but not much)

c) add decryption support if the key exchange is captured by e.g. SDP or via a user preference (like SSL support for this)

d) add signalling support to any protocols which support SRTP key exchange

Anyone got any strong opinions on whether this is a good or bad design way to go?

Neil
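
The packet layout behind phases (a) and (b) above, as an added example that is not part of the original post and not Wireshark code: it splits one SRTP packet into its cleartext RTP header, encrypted payload, optional MKI and authentication tag, following the RFC 3711 layout. The names `srtp_split` and `srtp_regions` are hypothetical and the sample bytes are constructed; the MKI and tag lengths are parameters because nothing in the packet states them.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not Wireshark code. Offsets count from packet start. */
struct srtp_regions {
    size_t hdr_len;      /* cleartext RTP header incl. CSRC list and extension */
    size_t payload_len;  /* encrypted payload: opaque without the session key */
    size_t mki_off;      /* optional Master Key Identifier */
    size_t tag_off;      /* authentication tag */
};

/* mki_len and tag_len are not carried in the packet; they must come from
 * signalling or a user preference. Returns 0 on success, -1 if malformed. */
int srtp_split(const uint8_t *pkt, size_t len, size_t mki_len, size_t tag_len,
               struct srtp_regions *out)
{
    if (len < 12 || (pkt[0] >> 6) != 2)
        return -1;                              /* short, or not RTP version 2 */
    size_t hdr = 12 + 4 * (size_t)(pkt[0] & 0x0F);  /* fixed header + CSRCs */
    if (pkt[0] & 0x10) {                        /* X bit: header extension */
        if (hdr + 4 > len)
            return -1;
        hdr += 4 + 4 * (((size_t)pkt[hdr + 2] << 8) | pkt[hdr + 3]);
    }
    if (hdr > len || mki_len > len - hdr || tag_len > len - hdr - mki_len)
        return -1;                              /* trailer would overlap header */
    out->hdr_len = hdr;
    out->payload_len = len - hdr - mki_len - tag_len;
    out->mki_off = hdr + out->payload_len;
    out->tag_off = out->mki_off + mki_len;
    return 0;
}

/* Constructed sample: V=2, X=1, CC=1; 6 payload bytes; 10-byte (80-bit) tag. */
static const uint8_t sample_pkt[40] = {
    0x91, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xA0, 0x12, 0x34, 0x56, 0x78,
    0x00, 0x00, 0x00, 0x01, 0xBE, 0xDE, 0x00, 0x01, 0x10, 0x00, 0x00, 0x00,
    0xC3, 0x5A, 0x99, 0x10, 0x7E, 0x42,
    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
};

int main(void)
{
    struct srtp_regions r;
    if (srtp_split(sample_pkt, sizeof sample_pkt, 0, 10, &r) == 0)
        printf("hdr=%zu payload=%zu tag@%zu\n", r.hdr_len, r.payload_len, r.tag_off);
    return 0;
}
```

The same bytes split at different offsets when a different MKI or tag length is assumed, so a wrong out-of-band setting silently moves the payload boundary instead of failing to parse.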