Dissector troubleshooting

asked 2021-02-18 13:49:29 +0000

blopblopblop gravatar image

updated 2021-02-19 17:48:07 +0000

Hello, I'm trying to do some troubleshooting on the rtp-ed137 dissector. When in wireshark, right clicking on a udp packet and decoding as rtp, I can view the rtp info of the packet, but when its a packet that has "No extended information with additional features is used (0)" the very next line is a dropdown for the extended info but it says not used.

However, when there is a packet that uses the additional info, the dropdown menu is gone and is replaced with a "padding" field with a value of "padding: 0800". Is this supposed to happen, or should the dropdown menu still be there but with the additional info?

I am coppying the rtp-ed137.c file to make my own plugin, so I'm hoping to be able to make a change in the dissector because as stated i dont think it is currently working properly.

when i go through all the packets captured they all say they have an extension length of 1, but they should have a length of 32 bits, i think somehow the length of all the packets is put down as 1 which is too short so it gets classified as a padding.

edit retag flag offensive close merge delete