Wireshark-users: Re: [Wireshark-users] Secure RTP
From: "Keith French" <[email protected]>
Date: Fri, 14 Aug 2009 16:20:34 +0100
Hi Jaap,
Looking at the trace some more, not only is the signalling Skinny, it is not decoded as such (just TCP port 2443). I don't have any knowledge of secure VoIP, but is there a secure version of Skinny?
I tried a "Decode As" Skinny for 2443, but it made no difference. I am guessing that because Wireshark is only recognising the Skinny as TCP and I have the RTP option of "Try to decode RTP outside of conversations" ticked, this is one reason as to why the SRTP is currently decoded as RTP?
Keith French.
----- Original Message -----
Sent: Friday, August 14, 2009 2:52 PM
Subject: Re: [Wireshark-users] Secure RTP


Wireshark already can distinguish between RTP and SRTP, when properly signalled (like in SDP). Currently it's not, SDP sets dummy SRTP info, hence the RTP dissector can't make use of it other than saying it's SRTP. Once the SDP, MIKEY or other dissector start to set real SRTP info the RTP dissector can show some real SRTP dissection. 


Sent from my iPhone

On 14 aug 2009, at 15:05, "Keith French" <[email protected]> wrote:

Are there any plans to build a dissector for the SRTP protocol? Currently all SRTP packets are decoded as RTP. I can provide an example trace if it will be of use to a developer.
Sent via:    Wireshark-users mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:[email protected]?subject=unsubscribe

Sent via:    Wireshark-users mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:[email protected]?subject=unsubscribe

No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.392 / Virus Database: 270.13.56/2302 - Release Date: 08/14/09 06:10:00