This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

No H.225 in packet “decode as”

1

Hi,

When trying to decode a packet, H.225 is not on the list. (H.223 appears twice). How can I decode a packet as H.225?

Thanks, Chicco

asked 29 Dec '13, 07:55

chicco's gravatar image

chicco
26113
accept rate: 0%


One Answer:

0

AFIAK the 'decode as' feature for the transport layer (TCP/UDP) only works if a dissector adds itself to the UDP/TCP port dissector table. Now, the H.225 dissector registers itself for UDP ports 1718 and 1719 , so you won't see H.225 in the list of 'decode as' protocols if you try it with TCP ('H.223 is shown twice' indicates that you've tried TCP).

BTW: Why do you need to decode a TCP frame directly as H.225? Wireshark should be able to detect H.225 if it is used in the right context.

Regards
Kurt

answered 30 Dec '13, 12:44

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Thanks for your prompt answer Kurt.

UDP 1719 is relevant only for RAS messages while H.225 also uses TCP over other ports. One example why need it: There are systems that tunnels all H.323 messages over one port (Security purposes) so WireShark can't decode them and it needs the users input (Decode as) in order to recognize what type is each packet.

Thanks, Chicco

(30 Dec '13, 22:06) chicco