Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] "Track Context" in H248

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Luis Ontanon" <luis.ontanon@xxxxxxxxx>
Date: Wed, 11 Apr 2007 16:42:00 +0200
H.248.1 p. 8.3 (Messages) states:
" An H.248.1 entity (MG/MGC) must consistently use the same MID in all
messages it originates for the duration of control association with
the peer (MGC/MG). "

But using the MID only might not suffice as we'll know only the
message sender, there's no simple way to know who's the recipient (we
are a protocol analyzer not an MGC or MGw we cannot assume to only
receive messages for a specific MGC/MGw). We could create a mapping
based on the assumption that if there's a mId for a trxReq the  mId of
the mess containing the trxReply with the same trxId would be the
peer, but that would make even more complex code that is already
twisted.

BTW.
I have used it with packets coming from logs of a MGw, no address
whatsoever, just GCP. It worked because all the packets regarded a
single MGw that won't duplicate context Ids and trxIds just happened
to be unique so the "NONE-NONE" address pair was OK to create unique
keys.

Luis

On 4/11/07, Roger Mahler <roger.mahler@xxxxxxx> wrote:

Hi Luis and the other H248 experts

let me ask differently:
Would it be possible to trace a context entirely by looking just at the H248
layer?
 The mId identifies the originator of a message: (i.e. the MGC in case of
(most of) the Request messages and the MGW in case of (most of) the Reply
messages):
Will I be able to extract exactly my TWO mIds (including transactionId and
contextId) and use these as correlation keys OR (and this is my actual
question) can these mIds change in the course of a call?

/Roger


> Depends,
> once the context is set up lower, higher addresses and context-id.
> if the contextid is choose it uses another table with the
> transactionid instead to bind the first transaction.
>
> in current svn the code used to track the context is in epan/gcp.[ch]
> it was in packet-h248.c till the last release.
>
>
> On 4/6/07, Roger Mahler <roger.mahler@xxxxxxx > wrote:
 >> Hello
>>
>> what's Wireshark using as key to track contexts in H248?
>>
>> Cheers,
>> Roger
>>

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev





--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube