Wireshark · Wireshark-dev: Re: [Wireshark-dev] Asterisk AMI and FreeSWITCH ESL dissectors

Wireshark-dev: Re: [Wireshark-dev] Asterisk AMI and FreeSWITCH ESL dissectors

From: Dirk Jagdmann <doj@xxxxxxxxx>

Date: Sat, 27 Oct 2012 10:55:01 -0700

>   Has anyone investigated developing Asterisk AMI and FreeSWITCH ESL
> Wireshark dissectors?  They're both fairly simple protocols and the
> current telnet dissector *kind of* works but I need TCP reassembly to
> work properly for both.  It seems like Wireshark dissectors would be
> very useful to the Asterisk and FreeSWITCH communities.
> 
>   More information on the protocols:
> 
> https://wiki.asterisk.org/wiki/display/AST/Asterisk+Manager+Interface+%28AMI%29
> 
> http://wiki.freeswitch.org/wiki/Mod_event_socket

Those two protocols are indeed made to look like HTTP headers. Have you tried to
make the following settings in the HTTP preferences:
enable "Reassemble HTTP headers..."
disable "Reassemble HTTP bodies..."

and add the TCP ports you're interested to the list. Now of course those
protocols will be shown as HTTP, but it should give some results. If that
doesn't work well, you'll have to look into your own custom dissector.

-- 
---> Dirk Jagdmann
----> http://cubic.org/~doj
-----> http://llg.cubic.org

Follow-Ups:
- Re: [Wireshark-dev] Asterisk AMI and FreeSWITCH ESL dissectors
  - From: Kristian Kielhofner

References:
- [Wireshark-dev] Asterisk AMI and FreeSWITCH ESL dissectors
  - From: Kristian Kielhofner

Prev by Date: Re: [Wireshark-dev] error while doing "make rpm-package" on wireshark latest trunk
Next by Date: Re: [Wireshark-dev] RFD: The Future of Memory Management in Wireshark
Previous by thread: [Wireshark-dev] Asterisk AMI and FreeSWITCH ESL dissectors
Next by thread: Re: [Wireshark-dev] Asterisk AMI and FreeSWITCH ESL dissectors
Index(es):
- Date
- Thread