Richard van der Hoff wrote:
Well, if your H.223 is over TCP, it may or may not be bitswapped
That presumably means that either
1) call setup negotiates the bit order
or
2) the bit order is chosen "out of band" (e.g., manually).
If it's negotiated at call setup time, presumably if the call setup
traffic is present, Wireshark can determine the bit order, so this
presumably would be needed only in the case where the call setup traffic
*isn't* present, so you would have to manually specify that the TCP
connection is carrying H.223 traffic.
And is there any need to have two separate protocols, rather than two
separate dissectors for the same protocol (namely H.223)?
Um... quite possibly not. I'm hazy on the difference, to be honest.
What's the difference?
The difference is that you wouldn't, for example, be able to find all
H.223 traffic with a filter expression such as "h223".
They're both H.223, so it seems to me that they'd both be the same
protocol, just as DNS-over-UDP and DNS-over-TCP are the same protocol,
even though a little extra work is needed for DNS-over-TCP to deal with
the framing atop TCP's byte stream.