Wireshark-bugs: [Wireshark-bugs] [Bug 3545] New: IAX2 dissector cannot examine IAX2 trunked packe
Date: Wed, 17 Jun 2009 12:34:36 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3545

           Summary: IAX2 dissector cannot examine IAX2 trunked packets.
           Product: Wireshark
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: wireshark@xxxxxxx


Created an attachment (id=3124)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3124)
A trunked packet with matching untrunked packets

Build Information:
I tested this with the 1.2.0 release.  I'm reasonably certain that no earlier
version has this right.  I don't have a newer SVN binary, but I did glance at
the source code which ignores the contents of type 3 meta packets --- so I'm
pretty sure "all" is appropriate here.
--
I've included a good example.  In this example, one direction of the IAX stream
is trunked and the other direction is untrunked.  There is one trunked packet
and 4 untrunked packets (i.e., there are 4 total calls).  The trunked packet
contains all 4 calls in one packet.  The untrunked packets contain the 4 calls
in separate packets.

The individual packets are analyzed correctly.  The trunked packet simply shows
as an IAX type 3 "meta packet."  Similarly, the individual packets can be
analyzed by the "voip calls" menu item and the trunked packets cannot.

I'm no expert on how the trunked packets are formed in IAX2, but they are
common.  In fact, a reason to use IAX2 instead of SIP is that the trunked
packets are much smaller (no duplicate IP/UDP headers) than the corresponding
RTP packets for SIP.

I can also point out that Wireshark would be the only packet viewer capable of
dissecting an IAX2 packet if this were fixed.

