This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Define a custom RTP header Extensions

0

Hello, I hope you can help me a little bit I have a RTP Protocol with a RTP Header Extensions. I have some UDP streams recorded and now I would like to decode as RTP with my RTP Header Extensions. Wireshark decode the main RTP Header correct. But he doesn’t know my Header Extensions.

What is now the best way to add code to Wireshark so that Wireshark can read my RTP Header Extensions. I have read a lot about lua, but I have no Idea how I can build such a lua script.

Must I build my own Wireshark with the C code or is this with lua possible? I would like to have stable Version 1.10.6. I thing with lua I must build a protocol dissector. But know that ands a little bit.

I have tried it like this but I fail:

local myfirstHeaderExtensionValue        = ProtoField. ?  -- i would like 2 bits that are calles MYSTUFF
dns.fields = {myfirstHeaderExtensionValue}
function dns.dissector(tvbuf,pktinfo,root){ ???}

Have a nice Day

asked 11 Mar '14, 09:50

Alias_alias's gravatar image

Alias_alias
21558
accept rate: 0%

edited 11 Mar '14, 10:39

grahamb's gravatar image

grahamb ♦
19.8k330206


One Answer:

1

If you want to do this in Lua, I suggest you don't dissect all of RTP - it's a lot of work and you'd be missing out on the features RTP provides like media playback and such.

Instead, I believe you can create a dissector just for the RTP header extension, and register it into the DissectorTable for "rtp.hdr_ext". For example, instead of doing this:

local udp_encap_table = DissectorTable.get("udp.port")
udp_encap_table:add(udp_port_number, my_rtp_proto)

Do this:

local rtp_hdrext_table = DissectorTable.get("rtp.hdr_ext")
rtp_hdrext_table:add(rtp_header_extension_number, my_rtp_proto)

But the beginning part of creating your protocol dissector and fields and such (what you were trying to do in your example post I think) takes longer to explain. Did you read the comments in the dissector.lua file found through the Lua examples wiki page? If they're not clear enough, let me know and I'll try to update them. The purpose of all the comments was to try to explain why things were being done, because it is definitely confusing to new folks.

Do you have a sample capture file with your RTP packets that you can post on cloudshark or someplace?

answered 11 Mar '14, 10:30

Hadriel's gravatar image

Hadriel
2.7k2939
accept rate: 18%