Wireshark · Wireshark-dev: Re: [Wireshark-dev] Asterisk AMI and FreeSWITCH ESL dissectors

Wireshark-dev: Re: [Wireshark-dev] Asterisk AMI and FreeSWITCH ESL dissectors

From: Kristian Kielhofner <kris@xxxxxxxxxxxx>

Date: Mon, 29 Oct 2012 11:44:21 -0400

On Sat, Oct 27, 2012 at 1:55 PM, Dirk Jagdmann <doj@xxxxxxxxx> wrote:
>
> Those two protocols are indeed made to look like HTTP headers. Have you tried to
> make the following settings in the HTTP preferences:
> enable "Reassemble HTTP headers..."
> disable "Reassemble HTTP bodies..."
>
> and add the TCP ports you're interested to the list. Now of course those
> protocols will be shown as HTTP, but it should give some results. If that
> doesn't work well, you'll have to look into your own custom dissector.
>

Dirk,

  Yes, I have tried this.  While there are various issues with this
approach the most significant appears to be the lack of a
Content-Length header with AMI.

  So yes, I'm still interested in sponsoring the work of a custom
dissector for these protocols :).

-- 
Kristian Kielhofner

References:
- [Wireshark-dev] Asterisk AMI and FreeSWITCH ESL dissectors
  - From: Kristian Kielhofner
- Re: [Wireshark-dev] Asterisk AMI and FreeSWITCH ESL dissectors
  - From: Dirk Jagdmann

Prev by Date: [Wireshark-dev] Does Wireshark uses a pseudo-header for VRRPv3 IPv4 checksum calculation?
Next by Date: Re: [Wireshark-dev] Appending 2 TVBs in Wireshark 1.8.2
Previous by thread: Re: [Wireshark-dev] Asterisk AMI and FreeSWITCH ESL dissectors
Next by thread: Re: [Wireshark-dev] [Wireshark-commits] rev 45733: /trunk/ /trunk/tools/: fuzz-test.sh
Index(es):
- Date
- Thread