H323 Message Parse

asked 2020-12-09

irem

updated 2020-12-09 16:07:49 +0000

How Wireshark parses H225 and H 245 messages? I can not find any information in ITU documents. I do not understand tree structure of H225 messages because there is no stable structure, message types are optional.

I would be appreciated if anyone help me. Best Regards.

1 Answer

answered 2020-12-10

Anders

Hi, I'm not sure I understand, if you look at

  protocolIdentifier             ProtocolIdentifier,
  h245Address                    TransportAddress OPTIONAL,
  sourceAddress                  SEQUENCE OF AliasAddress OPTIONAL,

It's encoded using ASN1 PER encoding rules. If you have a trace try "edit->preferences->protocols-per" Check the box "show internal PER structures". You also need to take a look at:

 Abstract Syntax Notation One (ASN.1) X.680–X.699 specifications 
and particulary:
  ITU-T Rec. X.691 | ISO/IEC 8825-2: Specification of Packed Encoding Rules (PER)
It was very helpful information for me sir. Thank you very much.

irem ( 2020-12-10 )

