Hi, When trying to decode a packet, H.225 is not on the list. (H.223 appears twice). How can I decode a packet as H.225? Thanks, Chicco asked 29 Dec '13, 07:55 chicco |
One Answer:
AFIAK the 'decode as' feature for the transport layer (TCP/UDP) only works if a dissector adds itself to the UDP/TCP port dissector table. Now, the H.225 dissector registers itself for UDP ports 1718 and 1719 , so you won't see H.225 in the list of 'decode as' protocols if you try it with TCP ('H.223 is shown twice' indicates that you've tried TCP). BTW: Why do you need to decode a TCP frame directly as H.225? Wireshark should be able to detect H.225 if it is used in the right context. Regards answered 30 Dec '13, 12:44 Kurt Knochner ♦ |
Thanks for your prompt answer Kurt.
UDP 1719 is relevant only for RAS messages while H.225 also uses TCP over other ports. One example why need it: There are systems that tunnels all H.323 messages over one port (Security purposes) so WireShark can't decode them and it needs the users input (Decode as) in order to recognize what type is each packet.
Thanks, Chicco