https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3545
Summary: IAX2 disector cannot examine IAX2 trunked packets.
Product: Wireshark
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: Enhancement
Priority: Medium
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: wireshark@xxxxxxx
Created an attachment (id=3124)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3124)
A trunked packet with matching untrunked packets
Build Information:
I tested this with the 1.2.0 release. I'm reasonably certain that no earlier
version has this right. I don't have a newer SVN binary, but I did glance at
the source code which ignores the contents of type 3 meta packets --- so I'm
pretty sure "all" is appropriate here.
--
I've included a good example. In this example, one direction of the IAX stream
is trunked and the other direction is untrunked. There is one trunked packet
and 4 untrunked packets (ie: there are 4 total calls). The trunked packet
contains all 4 calls in one packet. The untrunked packets contain the 4 calls
in separate packets.
The individual packets are analyzed correctly. The trunked packet simply shows
as an IAX type 3 "meta packet." Similarly, the individual packets can be
analyzed by the "voip calls" menu item and the trunked packets cannot.
I'm no expert on how the trunked packets are formed in IAX2, but they are
common. In fact, a reason to use IAX2 instead of SIP is that they trunked
packets are much smaller (no duplicate IP/UDP headers) than the corresponding
RTP packets for SIP.
I can also point out that wireshark would be the only packet view capable of
dissecting an IAX2 packet if this were fixed.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.