The H.223 dissector expects its parent protocol to support
defragmentation; if you just give wireshark the raw data, I don't think
you'll get the defragmentation, as it's quite specific to individual
protocols such as TCP. Fabio's approach makes sense to me.
Fabio, I'm away next week, but I'll have a look at your patch when I get
back. Regards, Richard
Richard, thank you for your answer!
I learn on the wiki that H.223 dissector is invoked
when H.223 traffic is carried over TCP (or IAX2).
If can be useful I can send you the two H223 raw dump
file (640k zipped file) and the code to incapsulate
them in a "fake" TCP traffic saved as a pcap dump file
with some explanation to use it.
In the file packet-h223.c attached to my first message
there are some old commet that can be confusing to you
(and are in Italian :-)) so I explain here where I
make modification:
static h223_call_info *find_or_create_call_info ( packet_info * pinfo )
{
[...]
if( data == NULL )
{
[...]
}
(&data -> direction_data[0]) -> first_pdu = TRUE; //#############
(&data -> direction_data[1]) -> first_pdu = TRUE; //#############
[...]
}
I added only the two lines marked here with //#############
just after the closing bracket of the "if( data == NULL )"
condition.
Have a good week.
Regards,
Fabio Sguanci
--
Email.it, the professional e-mail, gratis per te: http://www.email.it/f
Sponsor:
Ti piace la chitarra? Impara a suonarla senza fatica ed evitando tutti gli errori, con l'aiuto di un maestro professionista
Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=5144&d=19-1