Hi, I am analyzing VoIP communications using Spectralink. Wireshark successfully detects IP protocol 119 as Spectralink; unluckily, it's not able to dissect the data payload. Since there is no encryption, we can see the RTP contents in the bytes detail, but it's really hard to create filters on multiple conversations based on these HEX values.

Even if the SRP protocol is quite old, it's still widely used today. I've searched through the site; has nobody ever created an SRP dissector? There might be multiple variations, but I've found a common one with 42 bytes overhead, including 2-byte trailer.

Regards, Laurent

asked 09 Sep '11, 11:42 yul_analyzer
2 Answers:
You could whip a Lua dissector together to get the data from the IP proto 119 packets to the RTP dissector.

answered 09 Sep '11, 14:13 Jaap ♦
Without a specification for the Spectralink Radio Protocol, nobody can create an SRP dissector! Even if such a protocol specification is available, nobody's likely to create it unless either 1) they have the specification and they need the dissector or 2) they have the specification, they're bored, and they don't have anything more fun to do than write a dissector for the protocol. :-)

answered 09 Sep '11, 23:03 Guy Harris ♦♦
I might try to create a basic dissector, is it possible to call a dissector inside one? i.e. inside the SRP dissector, check if the data payload is recognized e.g as a RTP payload?
Yes. I'll leave it to you to do the "inside the SRP dissector, check if the data payload is recognized e.g as a RTP payload", but, to call the RTP dissector for that:

- in your dissector's register_handoff routine, get a handle for the RTP dissector with find_dissector("rtp");
- when your dissector wants to dissect payload as RTP, construct a tvbuff for the data payload and use call_dissector() using the handle you got from find_dissector().
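The "check if the data payload is recognized e.g as a RTP payload" step from the last reply, as an added example in plain C (not code from this thread or from Wireshark): it strips the encapsulation overhead and validates the RTP fixed header per RFC 3550 before anything would be handed to the RTP dissector. The function names are hypothetical, and the 40-byte header / 2-byte trailer split used for the constructed sample is an assumption read from the question's "42 bytes overhead, including 2-byte trailer".

```c
#include <stddef.h>
#include <stdint.h>

/* Returns the offset of the media payload inside an RTP packet (fixed header
 * + CSRC list + optional extension), or -1 if the bytes do not look like
 * RTP version 2 (RFC 3550, section 5.1). */
static int rtp_payload_offset(const uint8_t *rtp, size_t len)
{
    if (len < 12) return -1;                  /* fixed header is 12 bytes */
    if ((rtp[0] >> 6) != 2) return -1;        /* V field must be 2 */
    size_t off = 12 + 4u * (rtp[0] & 0x0F);   /* skip CC CSRC identifiers */
    if (off > len) return -1;
    if (rtp[0] & 0x10) {                      /* X bit: header extension */
        if (off + 4 > len) return -1;
        size_t words = ((size_t)rtp[off + 2] << 8) | rtp[off + 3];
        off += 4 + 4 * words;
        if (off > len) return -1;
    }
    if (rtp[0] & 0x20) {                      /* P bit: last byte = pad count */
        uint8_t pad = rtp[len - 1];
        if (pad == 0 || off + pad > len) return -1;
    }
    return (int)off;
}

/* Strips hdr_len leading and trl_len trailing bytes (caller-supplied
 * assumptions about the encapsulation) and checks whether the remainder
 * looks like RTP. On success stores the RTP start and length, returns 1. */
static int srp_find_rtp(const uint8_t *pkt, size_t len, size_t hdr_len,
                        size_t trl_len, const uint8_t **rtp, size_t *rtp_len)
{
    if (hdr_len + trl_len > len) return 0;    /* truncated capture */
    size_t inner = len - hdr_len - trl_len;
    if (rtp_payload_offset(pkt + hdr_len, inner) < 0) return 0;
    *rtp = pkt + hdr_len;
    *rtp_len = inner;
    return 1;
}

/* Constructed sample: 40 zero bytes standing in for the unknown header,
 * a 12-byte RTP header (V=2, PT=0, seq=1), 4 payload bytes, 2-byte trailer. */
static const uint8_t sample_pkt[58] = {
    [40] = 0x80, [41] = 0x00, [42] = 0x00, [43] = 0x01,   /* V/P/X/CC, PT, seq */
    [44] = 0x00, [45] = 0x00, [46] = 0x00, [47] = 0xA0,   /* timestamp */
    [48] = 0x12, [49] = 0x34, [50] = 0x56, [51] = 0x78,   /* SSRC */
    [52] = 0xFF, [53] = 0xFF, [54] = 0xFF, [55] = 0xFF,   /* payload */
};
```

In a real dissector the same checks would read from the tvbuff, and the span that passes would become the new tvbuff passed to call_dissector().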