Ethereal-users: Re: [Ethereal-users] Why Tethereal can not print protocol tree ofH245/RTP/RTCP
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "Martin Regner" <martin.regner@xxxxxxxxx>
Date: Sat, 2 Aug 2003 08:31:15 +0200
Guy Harris wrote:
>
>On Friday, August 1, 2003, at 2:50 AM, Deng, Luke Hao (Luke) wrote:
>
>> Yes. In ethereal, protocol tree of frame 22 is printed very well.
>
>That's odd. It's behaving as if, on the first time the packet is
>dissected, it recognizes it as an H.245 packet if it's not building a
>protocol tree but not if it is, but after that, it recognizes it as
>H.245 even if it's building a protocol tree.
>
>Ethereal 0.9.14 has an H.245 dissector built into it, and the current
>CVS version of Ethereal has an H.225 dissector built into it; it might
>be interesting to try your capture with Ethereal 0.9.14.

I got the same behaviour as Luke when I tried with some captures, e.g. the sample available on the Ethereal web
http://www.ethereal.com/sample/rtp_example.raw.gz

I tried this with Ethereal version 0.9.13a, 0.9.10 and 0.9.8 on Windows 98 and get similar results with all these versions.
H.245, RTP and RTCP are not working in verbose mode, but H.225 is working when using verbose mode as you see below:

<tethereal -r rtp_example_raw.gz -R h245
 15 1.224703 82 10.1.6.18 -> 10.1.3.143 32804 1232 H.245 TerminalCapabilitySet
 17 1.228962 65 10.1.6.18 -> 10.1.3.143 32804 1232 H.245 MasterSlaveDetermination
 19 1.260281 103 10.1.3.143 -> 10.1.6.18 1232 32804 H.245 TerminalCapabilitySet
 20 1.261514 65 10.1.3.143 -> 10.1.6.18 1232 32804 H.245 MasterSlaveDetermination
 22 1.331996 67 10.1.3.143 -> 10.1.6.18 1232 32804 H.245 TerminalCapabilitySetAck MasterSlaveDeterminationAck
 24 1.367236 61 10.1.6.18 -> 10.1.3.143 32804 1232 H.245 TerminalCapabilitySetAck
 26 1.404279 60 10.1.6.18 -> 10.1.3.143 32804 1232 H.245 MasterSlaveDeterminationAck
 28 1.454561 78 10.1.3.143 -> 10.1.6.18 1232 32804 H.245 OpenLogicalChannel
 29 1.481158 77 10.1.6.18 -> 10.1.3.143 32804 1232 H.245 OpenLogicalChannel
 31 1.512165 84 10.1.3.143 -> 10.1.6.18 1232 32804 H.245 OpenLogicalChannelAck
 32 1.604745 85 10.1.6.18 -> 10.1.3.143 32804 1232 H.245 OpenLogicalChannelAck

*** OK ***
=============================================
<tethereal -r rtp_example_raw.gz -V -R h245

***nothing is printed. Not OK ***
=============================================
<tethereal -r rtp_example_raw.gz -R frame.number==28
 28 1.454561 78 10.1.3.143 -> 10.1.6.18 1232 32804 H.245 OpenLogicalChannel

*** OK ***
=============================================
<tethereal -r rtp_example_raw.gz -V -R frame.number==28
Ethernet II, Src: 00:04:76:22:20:17, Dst: 00:d0:50:10:01:66
    Destination: 00:d0:50:10:01:66 (00:d0:50:10:01:66)
    Source: 00:04:76:22:20:17 (00:04:76:22:20:17)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 10.1.3.143 (10.1.3.143), Dst Addr: 10.1.6.18 (10.1.6.18)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 64
    Identification: 0x0453
    Flags: 0x04
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (0x06)
    Header checksum: 0x18c3 (correct)
    Source: 10.1.3.143 (10.1.3.143)
    Destination: 10.1.6.18 (10.1.6.18)
Transmission Control Protocol, Src Port: 32804 (32804), Dst Port: 1232 (1232), Seq: 3423569605, Ack: 3715142130, Len: 24
    Source port: 32804 (32804)
    Destination port: 1232 (1232)
    Sequence number: 3423569605
    Next sequence number: 3423569629
    Acknowledgement number: 3715142130
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 5840
    Checksum: 0xdf49 (correct)
Data (24 bytes)

0000  03 00 00 18 03 00 00 64 0c 20 1d 80 0b 0d 00 01   .......d. ......
0010  00 0a 01 03 8f 13 89 80                           ........

**** i.e. not shown as H.245. Not OK ****
=============================================
<tethereal -r rtp_example_raw.gz -R h225
  4 0.019061 214 10.1.3.143 -> 10.1.6.18 h225 32803 H.225.0 CS: Setup-UUIE
  6 0.241725 118 10.1.6.18 -> 10.1.3.143 32803 h225 H.225.0 CS: CallProceeding-UUIE
  8 0.419123 118 10.1.6.18 -> 10.1.3.143 32803 h225 H.225.0 CS: Alerting-UUIE
 10 1.046808 151 10.1.6.18 -> 10.1.3.143 32803 h225 H.225.0 CS: Connect-UUIE

*** OK ***
=============================================
<tethereal -r rtp_example_raw.gz -R h225
:
:
        .... ...0 = Fin: Not set
    Window size: 8192
    Checksum: 0xf533 (correct)
TPKT
    Version: 3
    Reserved: 0
    Length: 97
Q.931
    Protocol discriminator: Q.931
    Call reference value length: 2
    Call reference flag: Message sent to originating side
    Call reference value: 77F4
    Message type: CONNECT (0x07)
    Display
        Information element: Display
        Length: 7
        Display information: M.JEMEC
    User-user
        Information element: User-user
        Length: 76
        Protocol discriminator: X.208 and X.209 coded user information
ITU-T Recommendation H.225.0
    h323_uu_pdu (H323-UU-PDU)
        h323_message_body (connect)
            connect
                protocolIdentifier: 0.0.8.2250.0.3
                h245Address (ipAddress)
                    ipAddress
                        ip: 10.1.6.18 (10.1.6.18)
                        port: 1232
                destinationInfo (EndpointType)
                    vendor (VendorIdentifier)
                        vendor (H221NonStandard)
                            t35CountryCode: 0
                            t35Extension: 0
                            manufacturerCode: 0
                        productId: 310i
                        versionId: R
                    terminal (TerminalInfo)
                    mc: False
                    undefinedNode: False
                conferenceID: F8FDF93E-CD9E-D611-9AB2-000476222017
                callIdentifier (CallIdentifier)
                    guid: C0FEF93E-CD9E-D611-9AB2-000476222017
                multipleCalls: False
                maintainConnection: False
        h245Tunneling: False

*** H225 works OK ***
=============================================
<tethereal -r rtp_example_raw.gz -R rtp
:
:
489 8.542281 294 10.1.3.143 -> 10.1.6.18 2006 5000 RTP Payload type=ITU-T G.711 PCMA, SSRC=3739283087, Seq=59363, Time=55440
490 8.547536 294 10.1.6.18 -> 10.1.3.143 5000 2006 RTP Payload type=ITU-T G.711 PCMA, SSRC=4090175489, Seq=9825, Time=54240
491 8.572393 294 10.1.3.143 -> 10.1.6.18 2006 5000 RTP Payload type=ITU-T G.711 PCMA, SSRC=3739283087, Seq=59364, Time=55680
492 8.578128 294 10.1.6.18 -> 10.1.3.143 5000 2006 RTP Payload type=ITU-T G.711 PCMA, SSRC=4090175489, Seq=9826, Time=54480
493 8.602306 294 10.1.3.143 -> 10.1.6.18 2006 5000 RTP Payload type=ITU-T G.711 PCMA, SSRC=3739283087, Seq=59365, Time=55920
494 8.608235 294 10.1.6.18 -> 10.1.3.143 5000 2006 RTP Payload type=ITU-T G.711 PCMA, SSRC=4090175489, Seq=9827, Time=54720
495 8.632418 294 10.1.3.143 -> 10.1.6.18 2006 5000 RTP Payload type=ITU-T G.711 PCMA, SSRC=3739283087, Seq=59366, Time=56160
496 8.636269 294 10.1.6.18 -> 10.1.3.143 5000 2006 RTP Payload type=ITU-T G.711 PCMA, SSRC=4090175489, Seq=9828, Time=54960
497 8.662488 294 10.1.3.143 -> 10.1.6.18 2006 5000 RTP Payload type=ITU-T G.711 PCMA, SSRC=3739283087, Seq=59367, Time=56400
498 8.667984 294 10.1.6.18 -> 10.1.3.143 5000 2006 RTP Payload type=ITU-T G.711 PCMA, SSRC=4090175489, Seq=9829, Time=55200
499 8.692673 294 10.1.3.143 -> 10.1.6.18 2006 5000 RTP Payload type=ITU-T G.711 PCMA, SSRC=3739283087, Seq=59368, Time=56640

*** OK ***
=============================================
<tethereal -r rtp_example_raw.gz -V -R rtp

***nothing is printed. Not OK ***
=============================================
<tethereal -r rtp_example_raw.gz -R frame.number==495
495 8.632418 294 10.1.3.143 -> 10.1.6.18 2006 5000 RTP Payload type=ITU-T G.711 PCMA, SSRC=3739283087, Seq=59366, Time=56160

*** OK ***
=============================================
<tethereal -r rtp_example_raw.gz -V -R frame.number==495
Internet Protocol, Src Addr: 10.1.3.143 (10.1.3.143), Dst Addr: 10.1.6.18 (10 6.18)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00)
        0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 280
    Identification: 0x0000
    Flags: 0x04
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: UDP (0x11)
    Header checksum: 0x1c23 (correct)
    Source: 10.1.3.143 (10.1.3.143)
    Destination: 10.1.6.18 (10.1.6.18)
User Datagram Protocol, Src Port: 5000 (5000), Dst Port: 2006 (2006)
    Source port: 5000 (5000)
    Destination port: 2006 (2006)
    Length: 260
    Checksum: 0xde82 (correct)
Data (252 bytes)

0000  80 08 e7 e6 00 00 db 60 de e0 ee 8f 4a d5 4a 4a   .......`....J.JJ
0010  5a 5a 72 d5 5a 5a 72 5a 72 5a 5a d5 72 72 5a 4a   ZZr.ZZrZrZZ.rrZJ
0020  4a 5a 5a 66 d5 72 5a 72 d5 4a 5a 5a 4a 4a 4a 72   JZZf.rZr.JZZJJJr
0030  5a 5a 72 4a 72 5a 4a d5 72 4a 4a 5a 4a 4a 4a 5a   ZZrJrZJ.rJJZJJJZ
0040  5a 4a 72 72 4a 4a 72 4a 72 4a 72 4a 4a 4a 72 5a   ZJrrJJrJrJrJJJrZ
0050  4a 7a 72 72 7a 72 4a 72 4a 7a 72 72 4a 4a 72 7a   JzrrzrJrJzrrJJrz
0060  5a 4a 72 4a 7a 7a 72 72 7a 72 4a 66 4a 4a 72 7a   ZJrJzzrrzrJfJJrz
0070  72 72 66 4a 7a 72 7a 72 7a 7a 4a 72 7a 72 72 7a   rrfJzrzrzzJrzrrz
0080  7a 72 66 72 72 72 7a 72 7a 7a 72 4a 7a 7a 72 72   zrfrrrzrzzrJzzrr
0090  7a 4a 7a 72 72 66 7a 7a 4a 66 72 4a 72 72 7a 4a   zJzrrfzzJfrJrrzJ
00a0  66 5a 62 4a 62 5a 66 d5 66 7a 7a 5a 7a 72 7a 5a   fZbJbZf.fzzZzrzZ
00b0  7a 4a 7a 7a 7a 4a 66 72 4a 72 72 72 7a 7a 4a 72   zJzzzJfrJrrrzzJr
00c0  7a 72 72 4a 72 7a 7a 7a 7a 7a 72 5a 72 72 7a d5   zrrJrzzzzzrZrrz.
00d0  7a 4a 66 4a 66 4a 72 d5 4a 5a 72 72 4a 4a 4a 72   zJfJfJr.JZrrJJJr
00e0  5a 7a 4a 72 4a 72 4a 4a 66 5a 72 4a 72 d5 66 5a   ZzJrJrJJfZrJr.fZ
00f0  72 4a 4a 5a 4a 72 f5 5a 4a 4a d5 4a               rJJZJr.ZJJ.J

*** RTP packet shown as UDP. Not OK ***
=============================================

I will probably not have so much time to look into this closer right now, but can maybe try with the new H.225/H.245 dissectors in a few days.

I also think it's very strange that I haven't noticed this problem before. I'm sometimes using some bat-scripts that use tethereal to extract h245 and h225 messages with similar options. Most of my captures are with tunneled H.245 though, so that may explain why I haven't found out that non-tunneled H.245 messages are missing. I will try to check the behaviour on my other computer that I'm normally using for analysing H.225/H.245.
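
A cross-check of the output above, added here and not part of the original message or of Ethereal's code: the bytes that tethereal -V leaves as undissected "Data" for frames 28 and 495 decode by hand as a TPKT header and an RTP fixed header. The function names are made up for this sketch; the byte strings are copied from the hex dumps in the message.

```python
import struct

# Bytes copied from the "Data" hex dumps in the message above.
FRAME_28_DATA = bytes.fromhex(
    "03000018030000640c201d800b0d0001" "000a01038f138980")
FRAME_495_DATA_START = bytes.fromhex("8008e7e60000db60dee0ee8f")  # first 12 of 252 bytes

# Static payload types from RFC 3551 (only the two G.711 entries).
PAYLOAD_TYPES = {0: "ITU-T G.711 PCMU", 8: "ITU-T G.711 PCMA"}


def parse_tpkt(data):
    """Split a TPKT (RFC 1006) packet into (header fields, payload)."""
    if len(data) < 4:
        raise ValueError("TPKT header is 4 bytes")
    version, reserved, length = struct.unpack("!BBH", data[:4])
    if version != 3:
        raise ValueError("not TPKT: version byte is %d" % version)
    if not 4 <= length <= len(data):
        raise ValueError("TPKT length %d does not fit %d bytes" % (length, len(data)))
    return {"version": version, "reserved": reserved, "length": length}, data[4:length]


def parse_rtp_header(data):
    """Decode the fixed 12-byte RTP header (RFC 3550)."""
    if len(data) < 12:
        raise ValueError("RTP fixed header is 12 bytes")
    b0, b1, seq, timestamp, ssrc = struct.unpack("!BBHII", data[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP: version is %d" % (b0 >> 6))
    pt = b1 & 0x7F
    return {
        "padding": bool(b0 & 0x20), "extension": bool(b0 & 0x10),
        "csrc_count": b0 & 0x0F, "marker": bool(b1 & 0x80),
        "payload_type": pt, "payload_name": PAYLOAD_TYPES.get(pt, "unknown"),
        "seq": seq, "timestamp": timestamp, "ssrc": ssrc,
    }


if __name__ == "__main__":
    tpkt, payload = parse_tpkt(FRAME_28_DATA)
    print("frame 28:", tpkt, "+ %d payload bytes" % len(payload))
    print("frame 495:", parse_rtp_header(FRAME_495_DATA_START))
```

Frame 28's TPKT length of 24 equals the TCP Len in the verbose output, and frame 495 decodes to PCMA, Seq=59366, Time=56160, SSRC=3739283087, the same values as its one-line summary, so the captured bytes are the same in both modes and only the dissection differs.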