Hi, I'm pretty much a Wireshark noob, but..
I'm trying to analyze some RTP streams, some of which are set up by SIP (with some additional features).
I'm writing packet dissectors in Lua, but there are a couple of problems. As far as I can tell, if I use a chained dissector and add it to the udp dissector table where udp.port == [port of interest] then the dissector works fine EXCEPT where the built-in Wireshark RTP dissector has added a 'Stream setup by SDP' subtree. I'm not sure how Wireshark determines which packets are RTP other than as part of a SIP conversation, but I haven't had any luck attaching a dissector to these packets.
The most reliable way is to disable the RTP protocol and dissect the RTP headers myself, but then I lose the stream setup by info that Wireshark provides. I can probably do this myself with Lua but it seems like a lot of extra work, given my level of expertise. I would prefer to take advantage of all of Wireshark's built-in RTP dissectors and just add my stuff at the end.
Which leads me to my second problem. A post dissector actually works fine, is easy to write and accomplishes EVERYTHING I need, EXCEPT for the fact that the post dissector tree IS NOT WRITTEN to an exported .PDML file. This is a blocking issue for me as I'm doing further analysis with this file.
I'd be very grateful for any pointers on what is causing the SDP setup info dissector to disable my dissector and how to make it work. Failing that, is exporting of post dissector info to .pdml problematic, or is this just an omission that could be fixed in the source? (I'm not keen to build Wireshark myself as I'm using windoze, but maybe if this is an easy fix, somebody could submit a patch?).
Cheers,
--
Jonathan Poff
Senior Design Engineer
Tait Communications
DDI: +64 3 3579816
Email: jonathan.poff@xxxxxxxxxxxxx
www.taitradio.com