I have 2 PCs each running X-Lite 4.0 softphones in combination with ZFONE v0.92 build 218. Both are connected to an Asterisk softswitch. A PC is running Fedora with Wireshark 1.4, able to decode SRTP packets (in Preferences, "Try to decode RTP outside of conversation", etc.), with a filter applied for SIP, RTP and SRTP. This PC is connected in bridge mode between the Asterisk and one of the softphone PCs.
I have the following strange behaviour: as per the ZFONE display, a secure connection can be established between both parties. The call flow reported by Wireshark is in line with the ZRTP IETF specs, BUT no SRTP packets are visible (only RTP packets are exchanged between the parties).
I first thought that Wireshark is not able to decode SRTP packets at all. Hence, I replaced the X-Lite phones with eyeBeam: in fact, SRTP is not supported natively by X-Lite and I wanted to force SRTP traffic to be exchanged (eyeBeam does support TLS/SRTP). I deactivated ZFONE and initiated a call: SRTP packets were reported.
Who can help? ZFONE is intended to generate a shared secret which is then used to generate keys and salt for Secure RTP (SRTP).
asked 25 Sep '10, 14:46
If you look closely at the initial RTP packets in the ZFONE session, you'll see they're odd. You have to set the preferences for the RTP dissector to see these type 0 packets as ZRTP packets.
Furthermore, the RTP dissector can't really see that RTP packets are really SRTP packets when looking at the packets themselves; it has to be taken from the session signaling. This is done from the SIP/SDP dissector, but not from the ZRTP dissector.
You could file an enhancement bug, with sample captures of your ZRTP session, so this can be added to Wireshark. (I would love to see some captures :-) )
answered 25 Sep '10, 22:53
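To make the answer's two points concrete, here is an added example (my own code, not part of the thread and not Wireshark's dissector): a small classifier that looks at a UDP payload seen on the RTP port and tells a normal RTP version-2 header from a ZRTP key-agreement packet, which uses RTP version 0 and carries the ASCII magic cookie "ZRTP" where the timestamp would be (RFC 6189). It also shows why the capture looks the way the question describes: a plain RTP packet and an SRTP packet have identical headers, so nothing in the packet itself reveals that the payload is encrypted. The sample packets are constructed inline; the CRC field of the constructed ZRTP packets is a zero placeholder, and the message bodies are dummy bytes rather than real Hello/Commit contents.

```python
"""Classify packets on an RTP port as RTP v2 or ZRTP (RTP v0 + magic cookie).

Added example; not Wireshark code. Sample packets are constructed below.
"""
import struct

ZRTP_MAGIC = 0x5A525450    # ASCII "ZRTP", occupies the RTP timestamp slot
ZRTP_PREAMBLE = 0x505A     # first 16 bits of every ZRTP message (RFC 6189)


def classify_rtp_port_packet(pkt: bytes) -> dict:
    """Describe one UDP payload captured on an RTP port.

    kind == "RTP"  : RTP version 2. Plain RTP and SRTP look the same here;
                     only the SDP/signaling says whether the payload is
                     encrypted, which is the answer's second point.
    kind == "ZRTP" : RTP version 0 with the ZRTP magic cookie and preamble;
                     the 8-byte message type block is decoded.
    """
    if len(pkt) < 12:
        return {"kind": "short"}
    version = pkt[0] >> 6
    if version == 2:
        payload_type = pkt[1] & 0x7F
        seq, ts, ssrc = struct.unpack("!HII", pkt[2:12])
        return {"kind": "RTP", "payload_type": payload_type,
                "seq": seq, "timestamp": ts, "ssrc": ssrc}
    if version == 0:
        seq, magic, ssrc = struct.unpack("!HII", pkt[2:12])
        if magic == ZRTP_MAGIC and len(pkt) >= 24:
            preamble, length_words = struct.unpack("!HH", pkt[12:16])
            if preamble == ZRTP_PREAMBLE:
                msg_type = pkt[16:24].decode("ascii", errors="replace").rstrip()
                # header(12) + message(4*length_words) + CRC(4) must fit
                truncated = 12 + 4 * length_words + 4 > len(pkt)
                return {"kind": "ZRTP", "message": msg_type, "seq": seq,
                        "ssrc": ssrc, "length_words": length_words,
                        "truncated": truncated}
        return {"kind": "version0-other"}   # e.g. STUN also uses version 0
    return {"kind": "unknown", "version": version}


def summarize(packets) -> tuple:
    """Count packet kinds and list the ZRTP message sequence in capture order."""
    counts = {}
    zrtp_messages = []
    for pkt in packets:
        info = classify_rtp_port_packet(pkt)
        counts[info["kind"]] = counts.get(info["kind"], 0) + 1
        if info["kind"] == "ZRTP":
            zrtp_messages.append(info["message"])
    return counts, zrtp_messages


def build_zrtp_packet(seq: int, ssrc: int, msg_type: str, body: bytes = b"") -> bytes:
    """Constructed sample ZRTP packet; CRC-32C field is left as a zero placeholder."""
    msg = msg_type.ljust(8).encode("ascii") + body
    msg += b"\x00" * (-len(msg) % 4)          # pad to a 32-bit boundary
    length_words = (4 + len(msg)) // 4         # preamble + length field = 4 bytes
    message = struct.pack("!HH", ZRTP_PREAMBLE, length_words) + msg
    header = struct.pack("!BBHII", 0x10, 0x00, seq, ZRTP_MAGIC, ssrc)
    return header + message + b"\x00\x00\x00\x00"


# Constructed samples: the ZRTP exchange from the spec, then two media packets.
# SAMPLE_RTP and SAMPLE_SRTP share the same header; only the payload differs,
# so the classifier (like the RTP dissector) cannot tell them apart.
_SSRC = 0xDEADBEEF
SAMPLE_FLOW = [
    build_zrtp_packet(1, _SSRC, "Hello", b"1.10"),
    build_zrtp_packet(2, _SSRC, "HelloACK"),
    build_zrtp_packet(3, _SSRC, "Commit", b"\x11" * 8),
    build_zrtp_packet(4, _SSRC, "DHPart1", b"\x22" * 8),
    build_zrtp_packet(5, _SSRC, "DHPart2", b"\x33" * 8),
    build_zrtp_packet(6, _SSRC, "Confirm1", b"\x44" * 8),
    build_zrtp_packet(7, _SSRC, "Confirm2", b"\x55" * 8),
    build_zrtp_packet(8, _SSRC, "Conf2ACK"),
]
SAMPLE_RTP = struct.pack("!BBHII", 0x80, 0x00, 9, 160, _SSRC) + b"\xff" * 16
SAMPLE_SRTP = struct.pack("!BBHII", 0x80, 0x00, 10, 320, _SSRC) + b"\x5c" * 16 + b"\x00" * 10
SAMPLE_FLOW += [SAMPLE_RTP, SAMPLE_SRTP]

if __name__ == "__main__":
    counts, messages = summarize(SAMPLE_FLOW)
    print(counts)      # {'ZRTP': 8, 'RTP': 2}
    print(messages)    # Hello ... Conf2ACK
```

Running the script over the constructed flow reports eight ZRTP packets followed by two that classify only as "RTP"; whether those two are cleartext or SRTP is exactly the information the packet header does not carry, which is why a capture of a ZFONE call shows an RTP stream even when the phones report a secure session.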