Ethereal-dev: Re: [Ethereal-dev] Re: About H.323 protocol decoding using Ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: andreas.sikkema@xxxxxxxxxxx
Date: Mon, 8 Jan 2001 09:12:49 +0100
> You can *capture* it with Ethereal; the question is really why Ethereal
> doesn't recognize the packets as being Q.931, RTP, or RTCP.

Well, not the OFFICAL Ethereal version. The (way too old) 0.8.12 Ethereal 
version I provide at http://voice2sniff.org/ IS capable of capturing AND 
dissecting (most of the) H.323 traffic

> > Only these Ports Defined by ITU-T can be captured? for example
> >      Q.931 TCP  port 1720
> >      RTP   UDP port 5004
> >      RTCP  UDP port 5005
> 
> If those ports are, in fact, reserved for those protocols, perhaps we
> should make Ethereal recognize port 1720 as Q.931-inside-TPKT, and
> recognize ports 5004 and 5005 as RTP and RTCP.

Well, in theory the RTP and RTCP traffic could come from the ports above, 
but I have never seen any client do it. The RTP/RTCP traffic usually 
comes from random ports. I think H.225-inside-Q.931-inside-TPKT is 
already "hardcoded" into the source.

PS. I am thinking about making the Q.931 dissector heuristic in some 
way (probably like the current RTP/RTCP and H.245 dissectors), because 
I have seen that it's missing traffic to a product we sell :-(

-- 
Andreas Sikkema
andreas.sikkema@xxxxxxxxxxx