Wireshark-dev: Re: [Wireshark-dev] How do you get RTP recognized by Wireshark ?

From: "Michael Lum" <michael.lum@xxxxxxxxxxxxxxxxx>
Date: Wed, 19 Nov 2008 09:10:27 -0800
Okay, I found my problem, duh, conversations weren't being found
because I wasn't using 'tvb_get_ipv4()' everywhere and the addresses
were not matching.

Thank you


--
Michael Lum                   Principal Software Engineer
4600 Jacombs Road             +1.604.276.0055
Richmond, B.C.
Canada V6V 3B1
Star Solutions
-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
Sent: November 18, 2008 8:43 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] How do you get RTP recognized by Wireshark
?

Hi,
Could you post the patch and a small trace?
I may not have the time to look into it right now but someone else may.
Regards
Anders 

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Michael Lum
Sent: den 18 november 2008 17:37
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] How do you get RTP recognized by Wireshark
?

Yes to the 'Unknown' but no to the stream setup by SDP.

I have modified the IOS 5 portion of packet-ansi_a.c.
IOS 5 carries the mime type, IP address, port, etc.


--
Michael Lum                   Principal Software Engineer
4600 Jacombs Road             +1.604.276.0055
Richmond, B.C.
Canada V6V 3B1
Star Solutions
-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
Sent: November 18, 2008 1:15 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] How do you get RTP recognized by Wireshark
?

Hi,
So with your code changes you get it displayed as RTP but PT in the info
column is "Unknown"?
Do you also get something like:
Stream setup by SDP (frame 2536)
In the RTP part?
Regards
Anders 

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Michael Lum
Sent: den 18 november 2008 00:45
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] How do you get RTP recognized by Wireshark
?

I just looked at packet-uma.c and I believe I have everything there.

I think the problem is related to dynamic payload types.

This is the code I have for the 'rtp_add_address()':

 key = g_malloc(sizeof(gint));
 *key = rtp_payload_type;
 g_hash_table_insert(rtp_dyn_payload, key, g_strdup(mime_type));

 rtp_add_address(g_pinfo, &rtp_src_addr, rtp_port, 0, "IOS5",
     g_pinfo->fd->num, rtp_dyn_payload); 

I added some debug to packet-rtp.c in 'srtp_add_address()'
and it appears to be working correctly.

The call in 'dissect_rtp()' is always returning NULL:

 p_conv_data = p_get_proto_data(pinfo->fd, proto_rtp);

?

--
Michael Lum                   Principal Software Engineer
4600 Jacombs Road             +1.604.276.0055
Richmond, B.C.
Canada V6V 3B1
Star Solutions
-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
Sent: November 17, 2008 9:53 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] How do you get RTP recognized by Wireshark
?

Hi,
I think rtp_add_address() should do it, see packet-uma.c SIP RTCP etc.
You might have to add debug code to see where it fails...( if(tree)
causing problems?).
Regards
Anders 

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Michael Lum
Sent: den 17 november 2008 17:59
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] How do you get RTP recognized by Wireshark
?

Yes, I've tried that, thanks.

Wireshark shows the packets as RTP but does not know the payload type.

I would like to make modifications to the source so that Wireshark will
understand the CODECs specified in the IOS5 signaling and then
subsequently call another dissector for RFC3558.

Thanks. 


--
Michael Lum                   Principal Software Engineer
4600 Jacombs Road             +1.604.276.0055
Richmond, B.C.
Canada V6V 3B1
Star Solutions
-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Abhik Sarkar
Sent: November 15, 2008 1:53 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] How do you get RTP recognized by Wireshark
?

Hi Michael,

I don't know much about RTP, but I think I remember someone answering a
similar question recently... have you already tried turning on the
preference for RTP protocol called "Try to decode RTP outside of
conversations"?.

HTH
Abhik.

On Fri, Nov 14, 2008 at 10:06 PM, Michael Lum
<michael.lum@xxxxxxxxxxxxxxxxx> wrote:
> Hi,
>
> I have RTP streams that are set up with an unrecognized signaling 
> protocol.  I.e. not SIP/MGCP, etc.
>
> Can somebody give me a quick run down on what to change so that the 
> streams can be recognized as RTP ?
>
> I thought all I might have to do was add a call to
> rtp_add_address() with the correct IP address, port, payload, etc.
> but it doesn't appear to work.
>
> Any help would be great.
>
> Thanks.
>
> --
> Michael Lum                   Principal Software Engineer
> 4600 Jacombs Road             +1.604.276.0055
> Richmond, B.C.
> Canada V6V 3B1
> Star Solutions
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-dev
>
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-dev
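
Added example (not part of the thread and not Wireshark code): a minimal C model of the failure reported in the final message, where a conversation registered from signaling is never found because the address bytes differ from those in the RTP packet. The thread only says tvb_get_ipv4() was not used everywhere; that the other read was a network-to-host conversion is an assumption, and conv_key, read_ipv4_raw, read_ntohl and the sample address are hypothetical names and constructed data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a conversation key: address bytes plus port. */
typedef struct { uint8_t addr[4]; uint16_t port; } conv_key;

/* Raw copy: the word keeps the packet's (network) byte order in memory. */
static uint32_t read_ipv4_raw(const uint8_t *p) {
    uint32_t v;
    memcpy(&v, p, sizeof v);
    return v;
}

/* Network-to-host read (assumed cause): numeric value in host byte order. */
static uint32_t read_ntohl(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static conv_key make_key(uint32_t addr_word, uint16_t port) {
    conv_key k = { {0}, port };
    memcpy(k.addr, &addr_word, sizeof k.addr);
    return k;
}

/* Keys match only if port and all four address bytes are identical. */
static int keys_equal(const conv_key *a, const conv_key *b) {
    return a->port == b->port && memcmp(a->addr, b->addr, sizeof a->addr) == 0;
}

/* Constructed sample: 192.0.2.10 as it appears on the wire. */
static const uint8_t SIGNALED_ADDR[4] = { 192, 0, 2, 10 }; /* signaling field */
static const uint8_t IP_HDR_ADDR[4]   = { 192, 0, 2, 10 }; /* RTP packet's IP header */

/* Register with the chosen reader, then look up with the packet's raw bytes. */
static int conversation_found(int use_raw_read) {
    uint32_t w = use_raw_read ? read_ipv4_raw(SIGNALED_ADDR) : read_ntohl(SIGNALED_ADDR);
    conv_key registered = make_key(w, 5004);
    conv_key seen = make_key(read_ipv4_raw(IP_HDR_ADDR), 5004);
    return keys_equal(&registered, &seen);
}

int main(void) {
    printf("raw=%d host-order=%d\n", conversation_found(1), conversation_found(0));
    return 0;
}
```

On a little-endian host the host-order read stores the bytes reversed, so the lookup misses; on a big-endian host both reads produce the same bytes and the problem does not show.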