Hey guys, I wanna dissect data from rtp body. I tried this first with adding my defined protocol to the UDP table like that:
The dissection works fine but unfortunately just for the specified Port I tried another way which seems to be the better one because in this case it is independent from the UDP port. I registered a postdissector for checking againnst each packet:
Now the buffer has the lnegth of the whole frame (ethernet header + ip header + udp header + rtp header + rtp content). So for each of my fields I have to add the offset length of e.g. 42 Bytes (14 + 20 + 8). My problem is now that ethernet frame as well as the ip packets having not everytime a static lnegth. Is there a way to check if the buffer contains a rtp packet and to check the header length of ethernet / IP? Or is there mybe a way to use my first option but without any fixed port? Thanks in advance. Best regards, Danny asked 13 Mar ‘17, 23:19 Danny Koppen… edited 13 Mar ‘17, 23:35 |
One Answer:
You should look into registering for answered 14 Mar '17, 09:50 Jaap ♦ |
Thank you, this info helps me a lot. I found a solution which looks basically like this: https://github.com/FOXNEOAdvancedTechnology/RFC4175-dissector/blob/master/RFC-4175.lua
Best regards, Danny