Wireshark-bugs: [Wireshark-bugs] [Bug 5693] New: SRTP packets wrongly marked as RTP
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5693
Summary: SRTP packets wrongly marked as RTP
Product: Wireshark
Version: 1.4.3
Platform: x86
OS/Version: Windows XP
Status: NEW
Severity: Major
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: singhujjwal@xxxxxxxxx
Created an attachment (id=5941)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5941)
SIP call capture for SRTP packets
Build Information:
Version 1.4.3 (SVN Rev 35482 from /trunk-1.4)
Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (32-bit) with GTK+ 2.16.6, with GLib 2.22.4, with WinPcap (version
unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, with SMI
0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5, with
Gcrypt 1.4.5, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Jan
11 2011), with AirPcap.
Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1.2
(packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 2.8.5, Gcrypt 1.4.5, without AirPcap.
--
I was capturing SRTP packets with Wireshark and I feel that there is a bug in
Wireshark when the negotiation of SIP messages is done in SRTP best effort mode.
When an INVITE is sent with two "m=" lines, one with the SAVP profile for SRTP and
the other "m=" line with the AVP profile for RTP, the other end accepts the first
"m=" line for SAVP and sets the port of the second "m=" line to zero to
indicate it has accepted SRTP mode. After session negotiation it starts sending
SRTP in both ways.
Wireshark marks the packet from the originator end correctly as SRTP but
wrongly marks the packet from the callee side as RTP.
Please find the pcap file attached for this scenario. Please let me know if
this is a bug in Wireshark.
Thanks for the help,
Ujjwal Singh
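
The negotiation described in the report, as an added example that is not part of the original bug report or of Wireshark's code: it pairs the "m=" lines of an offer and an answer in order (RFC 3264) and returns the protocol expected at each receive endpoint, skipping any stream rejected with port 0. The SDP bodies, addresses and ports are constructed, and the offer reusing one port for both "m=" lines is an assumption.

```python
# Added example, not Wireshark code. The SDP bodies below are constructed.
SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF"}

OFFER = """v=0
o=caller 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 40000 RTP/SAVP 0
m=audio 40000 RTP/AVP 0
"""
ANSWER = """v=0
o=callee 1 1 IN IP4 192.0.2.20
s=-
c=IN IP4 192.0.2.20
t=0 0
m=audio 50000 RTP/SAVP 0
m=audio 0 RTP/AVP 0
"""

def parse_sdp(sdp):
    """Return (session-level address, [(port, profile, media-level address)])."""
    session_addr, media = None, []
    for line in (raw.strip() for raw in sdp.splitlines()):
        if line.startswith("c="):
            addr = line.split()[-1]
            if media:  # a c= line after an m= line applies to that stream only
                port, profile, _ = media[-1]
                media[-1] = (port, profile, addr)
            else:
                session_addr = addr
        elif line.startswith("m="):
            _, port, profile = line[2:].split()[:3]
            media.append((int(port.split("/")[0]), profile, None))
    return session_addr, media

def expected_streams(offer, answer):
    """Map each negotiated receive endpoint (addr, port) to 'SRTP' or 'RTP'."""
    o_addr, o_media = parse_sdp(offer)
    a_addr, a_media = parse_sdp(answer)
    if len(o_media) != len(a_media):
        raise ValueError("answer must mirror the offer's m= lines (RFC 3264)")
    streams = {}
    for (o_port, _, o_c), (a_port, a_prof, a_c) in zip(o_media, a_media):
        if o_port == 0 or a_port == 0:  # port 0: stream rejected, sets nothing up
            continue
        proto = "SRTP" if a_prof in SECURE_PROFILES else "RTP"
        streams[(o_c or o_addr, o_port)] = proto  # media sent to the offerer
        streams[(a_c or a_addr, a_port)] = proto  # media sent to the answerer
    return streams
```

For the constructed exchange, both receive endpoints map to SRTP, which is the labelling the report expects for packets in either direction.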