Wireshark · Ethereal-dev: Re: [ethereal-dev] Dissector without a name

Ethereal-dev: Re: [ethereal-dev] Dissector without a name

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Tue, 5 Sep 2000 10:09:13 +0200

> It was easy to write, because it's basically a well-know-port (102)
> TCP/IP dissector, which creates a link to the OSI-branch of the
> dissector-tree of ethereal.

I have also written a dissector for it :-(. But mine is a bit different I 
think, because it is used to wrap H.225 and H.245, but not always :-(

It seems a really nice and easy protocol until you get to the evil part.
One TCP stream can consist of the following messages

TPKT
H225
TPKT
H225
TPKT
H225

(TPKT is used to "wrap" H225)

The packet boundaries can be anywhere in between the H225 and TPKTs...

> RFC 1006 doesn't define a name for the protocol.....

H.323 related protocols call it TPKT!

-- 
Andreas Sikkema
andreas.sikkema@xxxxxxxxxxx
"Standing barefoot in a river of clues, most people would 
         not get their toes wet." - Brian Kantor in a.s.r.

Follow-Ups:
- Re: [ethereal-dev] Dissector without a name
  - From: Dr.-Ing. Gerrit Gehnen

Prev by Date: Re: [ethereal-dev] Dissector without a name
Next by Date: Re: [ethereal-dev] Dissector without a name
Previous by thread: Re: [ethereal-dev] Dissector without a name
Next by thread: Re: [ethereal-dev] Dissector without a name
Index(es):
- Date
- Thread