Ethereal-users: Re: [Ethereal-users] Filter h225 and h245 problem

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Martin Regner" <martin.regner@xxxxxxxxx>
Date: Sat, 1 Nov 2003 08:54:35 +0100
arif wijalmoko wrote:

>I have tried to capture voip traffic with my configuration, but I always get info ( CS : empty terminal ..., etc ) in h245 protocol information. >What is that info mean ?, Does that info make problem when I try to filter h225 protokol ?


If the summary panel indicates "CS: empty TerminalCapabilitySet" then there is probably a Facility message with a tunneled H.245
message TerminalCapabilitySet.

You will see "CS: empty" if the h323-message-body in the H.225 message is empty. I think that H.323 version 2 specifications says that the h323-message-body should be empty in some cases when tunneling messages in a Facility message. 

In H.323 version 4 the recommended way is to not use a non-empty h323-message-body but to set the facilityReason to indicate a tunneled message, if I remember correct. Then you would see "CS: facility  TerminalCapabilitySet" or similar.

This shouldn't affect the filtering if you are just using a filter such as "h225 or h245" or "h225". 

But if you are filtering on a specific call-id you will not get the Facility messages related to a specific call if the h323-message-body is empty,
since there is no call-id (guid, conferenceID) if the h323-message-body is empty.

You can normally use filters such as:
h225.conferenceID == 80:84:2b:1f:a2:d6:d6:11:80:29:b8:6b:00:00:23:48
h225.guid == 80:d4:39:19:96:3f:b3:11:a0:e4:00:80:37:54:b9:11
to get the H.225 mesages related to a specific call, but you will not see the messages with empty h323-message-body.

TPKT
    Version: 3
    Reserved: 0
    Length: 80
Q.931
    Protocol discriminator: Q.931
    Call reference value length: 2
    Call reference flag: Message sent to originating side
    Call reference value: 0001
    Message type: FACILITY (0x62)
    User-user
        Information element: User-user
        Length: 68
        Protocol discriminator: X.208 and X.209 coded user information
H.225.0 CS
    H323_UserInformation
        Extension Bit: 0... .... False
        Optional Field Bit: .0.. .... False (user_data is NOT present)
        H323_UU_PDU
            Extension Bit: ..1. .... True
            Optional Field Bit: ...0 .... False (nonStandardData is NOT present)
            h323_message_body
                Extension Bit: .... 1... True
                Small Number Bit: .... .0.. False
                Choice Extension: 1
                Open Type Length: 1
                empty
            Small Number Bit: 0... .... False
            Number of Sequence Extensions: 3
            Extension Present Bit: .... ...0 False (h4501SupplementaryService is NOT present)
            Extension Present Bit: 1... .... True (h245Tunneling is present)
            Extension Present Bit: .1.. .... True (h245Control is present)
            Extension Present Bit: ..1. .... True (nonStandardControl is present)
            Open Type Length: 1
            h245Tunneling: 1... .... True
            Open Type Length: 44
            h245Control
                Sequence-Of Length: 1
                Item 0
                    Octet String Length: 42
                    H.245
                        MultimediaSystemControlMessage
                            Extension Bit: 0... .... False
                            PDU Type: .00. .... : Request (0)
                                RequestMessage
                                    Extension Bit: ...0 .... False
                                    Request Type: .... 0010 : TerminalCapabilitySet (2)
                                        TerminalCapabilitySet
                                            Extension Bit: 0... .... False
                                            Optional Field Bit: .1.. .... True 
:
:

Below is some more examples how the summary panel can look for some H.245 and/or H.225 messages:

H.225.0 CS: setup OpenLogicalChannel 
   ### This means that there is a H.225 setup mesage with fastStart  (H.245 OpenLogicalChannel)

H.225.0 CS: callProceeding 
   ### This means that there is a H.225 callProceeding message

H.225.0 RAS: admissionRequest 
   ### This means that there is a H.225 admissionRequest RAS-message

H.225.0 RAS: admissionConfirm 
  ### This means that there is a H.225 admissionConfirm RAS-message

H.225.0 CS: connect OpenLogicalChannel 
  ###  This means that there is a H.225 connect message with H.245 OpenLogicalChannel

H.245   TerminalCapabilitySet 
  ###  This means that there is a H.245 TerminalCapabilitySet message  (not tunneled in H.225)

H.225.0 CS: connect    CS: facility  TerminalCapabilitySet   CS: facility  MasterSlaveDetermination
  ###  This frame contains several H.225 messages. There is a H.225 Connect message, one H.225 Facility message with a
  ###  tunneled H.245 TerminalCapabilitySet message and one H.225 Facility message with a tunneled 
  ###  H.245 MasterSlaveDetermination message

 H.245   OpenLogicalChannel (g711Alaw64k) 
  ###  This means that there is a H.245 OpenLogicalChannel message with g711Alaw64k codec