Ethereal-dev: Re: [Ethereal-dev] Re: About H.323 protocol decoding using Ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: andreas.sikkema@xxxxxxxxxxx
Date: Mon, 8 Jan 2001 09:12:49 +0100
> You can *capture* it with Ethereal; the question is really why Ethereal
> doesn't recognize the packets as being Q.931, RTP, or RTCP.

Well, not the OFFICAL Ethereal version. The (way too old) 0.8.12 Ethereal 
version I provide at http://voice2sniff.org/ IS capable of capturing AND 
dissecting (most of the) H.323 traffic

> > Only these Ports Defined by ITU-T can be captured? for example
> >      Q.931 TCP  port 1720
> >      RTP   UDP port 5004
> >      RTCP  UDP port 5005
> 
> If those ports are, in fact, reserved for those protocols, perhaps we
> should make Ethereal recognize port 1720 as Q.931-inside-TPKT, and
> recognize ports 5004 and 5005 as RTP and RTCP.

Well, in theory the RTP and RTCP traffic could come from the ports above, 
but I have never seen any client do it. The RTP/RTCP traffic usually 
comes from random ports. I think H.225-inside-Q.931-inside-TPKT is 
already "hardcoded" into the source.

PS. I am thinking about making the Q.931 dissector heuristic in some 
way (probably like the current RTP/RTCP and H.245 dissectors), because 
I have seen that it's missing traffic to a product we sell :-(

-- 
Andreas Sikkema
andreas.sikkema@xxxxxxxxxxx