I've started looking at adding SRTP dissection to Wireshark - anyone
else already doing this?
The way I'm heading at present is to add it on the side of RTP/RTCP
dissection (in the same files) as it really modifies the payload only,
and has no signalling of its presence in the header (only out of band
signalling such as MGCP, and it needs the same hooks into other
protocols such as MGCP to do this as RTP does).
I'm planning on doing it in phases:
a) ensure RTP doesn't try to pass on the encrypted payload to the payload
dissectors, and RTCP doesn't try to dissect it (pretty easy & almost done)
b) add auth support (slightly harder, but not much)
c) add decryption support if the key exchange is captured by e.g. SDP or
via a user preference (like SSL support for this)
d) add signalling support to any protocols which support SRTP key exchange
Anyone got any strong opinions on whether this is a good or bad design
way to go?
Neil
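Phase (b) above, the auth check, as an added example that is not from the post or from Wireshark's own dissector: it parses the RTP header of an SRTP packet, keeps the payload as opaque ciphertext rather than handing it to a payload dissector, and verifies the trailing HMAC-SHA1 auth tag as RFC 3711 defines it. The session auth key, a rollover counter of 0, the default 80-bit tag and the absence of an MKI field are assumptions of the example.

```python
import hmac
import hashlib
import struct

# Assumed session authentication key (constructed for this example, not a real key).
AUTH_KEY = bytes(range(20))
TAG_LEN = 10   # default SRTP auth tag is 80 bits (RFC 3711)
ROC = 0        # rollover counter; assumed 0 for a fresh stream

def parse_rtp_header(pkt):
    """Return (fields, header_len) for the fixed RTP header plus any CSRCs."""
    if len(pkt) < 12:
        raise ValueError("short RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", pkt[:12])
    fields = {
        "version": b0 >> 6, "padding": bool(b0 & 0x20),
        "extension": bool(b0 & 0x10), "cc": b0 & 0x0F,
        "marker": bool(b1 & 0x80), "pt": b1 & 0x7F,
        "seq": seq, "timestamp": ts, "ssrc": ssrc,
    }
    hdr_len = 12 + 4 * fields["cc"]
    if len(pkt) < hdr_len:
        raise ValueError("truncated CSRC list")
    fields["csrc"] = list(struct.unpack("!%dI" % fields["cc"], pkt[12:hdr_len]))
    return fields, hdr_len

def srtp_auth_tag(auth_key, authenticated_portion, roc, tag_len=TAG_LEN):
    """RFC 3711 4.2: HMAC-SHA1 over (header || encrypted payload || ROC), truncated."""
    mac = hmac.new(auth_key, authenticated_portion + struct.pack("!I", roc), hashlib.sha1)
    return mac.digest()[:tag_len]

def dissect_srtp(pkt, auth_key=AUTH_KEY, roc=ROC, tag_len=TAG_LEN):
    """Split an SRTP packet into header fields, opaque ciphertext and the auth result."""
    fields, hdr_len = parse_rtp_header(pkt)
    if len(pkt) < hdr_len + tag_len:
        raise ValueError("packet shorter than header plus auth tag")
    authenticated = pkt[:-tag_len]   # header plus encrypted payload (no MKI assumed)
    tag = pkt[-tag_len:]
    expected = srtp_auth_tag(auth_key, authenticated, roc, tag_len)
    fields["encrypted_payload"] = authenticated[hdr_len:]   # never passed to a codec dissector
    fields["auth_ok"] = hmac.compare_digest(tag, expected)
    return fields

def build_sample_packet():
    """Constructed SRTP packet: one RTP header, a fake ciphertext body, a valid tag."""
    header = struct.pack("!BBHII", 0x80, 0x08, 0x1234, 0xDEADBEEF, 0xCAFEBABE)
    ciphertext = bytes([0xA5] * 16)   # stands in for encrypted G.711 samples
    return header + ciphertext + srtp_auth_tag(AUTH_KEY, header + ciphertext, ROC)
```

A tag mismatch (wrong key, wrong ROC, or a modified packet) shows up as `auth_ok` False, which is the condition a dissector should flag rather than attempt to decode further.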