Hi everyone,
I have used Ethereal/Wireshark for some time now, and I would like to
contribute by developing a protocol-plugin for a combination of a
proprietary and an open protocol based on RTP...
Both protocols run on the same UDP port-pair tuple. The proprietary
protocol can be detected very easily, as it has an easy-to-distinguish
signature. The RTP-based part cannot, as RTP has really no good
recognition value.
So how would I design such a dissector, so that if I detect the
easy-to-recognize proprietary protocol on a UDP-port-tuple, I could then
heuristically see that the other datagrams will be the RTP-based ones
and hand their decoding on appropriately (writing again my own dissector
for this specific RTP payload type)?
Best regards,
Tobias
PS.: I will be developing & testing the stuff on the Windows platform,
'cause that's what I'm most familiar with ;-)
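
The approach asked about above (remember a UDP port-pair tuple once the proprietary signature is seen on it, then accept the weak RTP version check only on remembered tuples), as an added example that is not part of the original post and is not Wireshark code. It is a stand-alone C model; the 4-byte signature `PROP`, the flow table and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Assumption: the post does not give the signature; "PROP" is a stand-in. */
static const uint8_t PROP_SIG[4] = { 'P', 'R', 'O', 'P' };
enum proto { PROTO_UNKNOWN, PROTO_PROPRIETARY, PROTO_RTP };
struct flow { uint32_t a_ip, b_ip; uint16_t a_port, b_port; int marked; };
static struct flow flows[64]; static size_t n_flows;
/* Find or create state for a port-pair tuple, independent of direction. */
static struct flow *flow_get(uint32_t sip, uint16_t sp, uint32_t dip, uint16_t dp)
{
    if (sip > dip || (sip == dip && sp > dp)) {   /* normalise direction */
        uint32_t t = sip; sip = dip; dip = t;
        uint16_t p = sp; sp = dp; dp = p;
    }
    for (size_t i = 0; i < n_flows; i++)
        if (flows[i].a_ip == sip && flows[i].b_ip == dip &&
            flows[i].a_port == sp && flows[i].b_port == dp)
            return &flows[i];
    if (n_flows == sizeof flows / sizeof flows[0]) return NULL;  /* table full */
    flows[n_flows] = (struct flow){ sip, dip, sp, dp, 0 };
    return &flows[n_flows++];
}

/* RTP: 12-byte fixed header, version 2 in the top two bits (RFC 3550). */
static int looks_like_rtp(const uint8_t *d, size_t len)
{
    return len >= 12 && (d[0] >> 6) == 2;
}

enum proto classify(uint32_t sip, uint16_t sp, uint32_t dip, uint16_t dp,
                    const uint8_t *d, size_t len)
{
    struct flow *f = flow_get(sip, sp, dip, dp);
    if (len >= sizeof PROP_SIG && memcmp(d, PROP_SIG, sizeof PROP_SIG) == 0) {
        if (f) f->marked = 1;                     /* remember this tuple */
        return PROTO_PROPRIETARY;
    }
    /* The weak RTP test is trusted only on an already marked tuple. */
    return (f && f->marked && looks_like_rtp(d, len)) ? PROTO_RTP : PROTO_UNKNOWN;
}

int main(void)
{
    const uint8_t prop[6] = { 'P', 'R', 'O', 'P', 1, 2 }, rtp[12] = { 0x80, 0x60 };
    int before = classify(1, 5000, 2, 6000, rtp, sizeof rtp);  /* constructed data */
    classify(1, 5000, 2, 6000, prop, sizeof prop);
    printf("before=%d after=%d\n", before, classify(2, 6000, 1, 5000, rtp, sizeof rtp));
    return 0;
}
```

RTP-looking datagrams that arrive before the first signature datagram stay unclassified in this single-pass model, so a capture that starts mid-stream needs a second pass to label them.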