On 3/22/07, Neil Piercy <Neil.Piercy@xxxxxxxxxxxx> wrote:
> Attached are patches which provide a basic dissection of Secure RTP/RTCP
> profile:
> - display of the fields used in the SRTP & SRTCP payloads
> - deliberate prevention of the normal dissection of the encrypted payloads
> - addition of a callable interface to add SRTP (rather than RTP) streams
>   from signalling protocols.
>
> There are no signalling protocols using this yet - I have a currently
> private protocol which uses it, but I think SRTP/SRTCP support is of wider
> relevance.
>
> It has passed testing with our usage of these functions, but we certainly
> don't exercise all paths, so all comment and testing welcome.
>
> Ideally I (or somebody else) will go on to add decryption - some hooks are
> already in the header files for this - and subsequent dissection of the
> payload.
>
> I'd also welcome any views on how to handle RTP profiles in general in
> Wireshark, especially for non-signalled RTP captures: having lots of user
> preferences sounds to me like it will get out of hand, but without that I'm
> not sure how to deal with RTP payloads - do we need another layer of "Decode
> As..." for RTP payloads?

What about heuristics?
Is there some sort of magic we can use to determine if it is SRTP?
Is there a checksum or similar info we can check?

> Regards,
> Neil
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan