On May 11, 2011, at 2:13 PM, Alex Lindberg wrote:
> I need to dissect a H225 TCP message included in a q.931 packet. However there is NO tpkt header in the message as expected by the q.931 dissector.
Actually, what the dissector cares about is whether it's "over IP" - which currently means "over TPKT *OR* SCTP with a PPI of 13" - not whether there's a TPKT header.
> Thus the H225 part of the packet is not dissected.
I.e., this is Q.931 traffic that's *not* Q.931-over-TPKT traffic, or Q.931-over-SCTP-PPI-13 traffic, but, in the Q.931 traffic, there are user-user IEs that contain H.225 traffic?
If so, what is the Q.931 traffic being transported on top of, if not TPKT or SCTP?