Wireshark-users: Re: [Wireshark-users] TPKT-Wrapping of H.248 Messages
From: "Umut Emin" <[email protected]>
Date: Fri, 27 Jun 2008 14:27:08 +0200 (CEST)
which stands for 3 in ascii table, 
0x33 [hex]= 51[decimal] = 3 [char]
so the version should be right. ;)

-----Urspr√ľngliche Nachricht-----
Datum: Fri, 27 Jun 2008 13:56h
Von: "Luis EG Ontanon" <[email protected]>
An: "Community support list for Wireshark" <[email protected]>
Betreff: Re: [Wireshark-users] TPKT-Wrapping of H.248 Messages


The problem is that Wireshark won't decode TPKT where version != 3. In
your case the verion is 0x33.

Is that right or that's a fault on the MG's TPKT implementation?

\\Lego

On Fri, Jun 27, 2008 at 12:17 PM, Umut Emin <[email protected]> wrote:
> Hello,
>
> i have the following question:
>
> if i send a h.248 message (over TCP) wrapped with tpkt header, wireshark doesn't recognize
> the h.248 transfer. It shows me a package of TPKT protocol with info "Continuation"
> which is fine. As i want to see what is in the package it doesn't form an expected
> structure like:
> TPKT: version:3 length:1024
> MEGACO:.
>       ..
>       ....
>
> It shows the h.248 message as a raw "Data".
>
> Now my application creates a TPKT header as explained in RFC 1006 which means:
>
> version no = 3  (1 byte)
> reserved = 0x01 (1 byte)
> message length = 1024 (2 bytes) [including the tpkt header]
>
> and these values are added as 4 bytes in the beginning of the send buffer. Now i wonder
> if wireshark is not able to work with tpkt on h.248 yet?
>
> For clarity, i included a dump from the wire (see package no:4) as attachment.
>
> Thanx in advance.
> Umut
>
>
>
> _______________________________________________
> Wireshark-users mailing list
> [email protected]
> https://wireshark.org/mailman/listinfo/wireshark-users
>
>



-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
_______________________________________________
Wireshark-users mailing list
[email protected]
https://wireshark.org/mailman/listinfo/wireshark-users