Auto Decoding of H.225 and H.245 from H.323 captures
For some reason, I cannot figure out the magic of getting Wireshark to auto decode H.225 and H.245 from H.323 captures. I am running 2.4.2 [latest].
Sometimes Wireshark does figure it out on it's own and shows the port TCP:1720 H.225 decoding, and also the TCP:dynamic-port H.245 decoding, but just as often as it succeeds, it does not.
The best way to test this is to try the Wireshark Wiki sample H.323 capture, found here:
https://wiki.wireshark.org/SampleCapt...
https://wiki.wireshark.org/SampleCapt... [direct file link]
If somebody [or Gerald, bless him], could explain how to get this to operate reliably, I would be quite appreciative.
Regards, Cameron Elliott
Your question is a little light on detail. What happens when you look at the referenced file? Does it show H.225 / H.245. If yes, what file does not? If no, do you see at least TPKT after TCP? What happens when you add TCP port 1720 to the TPKT dissector preferences?
Jaap, Thank you for your response. All I see is packets decoded as TCP. With the defaults of 102/102 in the TPKT dissector I see the following: http://take.ms/iZPLz I tried changing the two settings to the following 1720/102, 102/1720, and 1720/1720, no combination causes H225, H245 decoding
> no combination causes H225, H245 decoding no combination causes H225, H245 decoding *of what*. What file are you referring to? Certainly not the one from SampleCaptures, or are you? Remember, we' can't see your capture, nor magically guess what's going on.
Yes, the image I linked to is the file from SampleCaptures, that is why I am so puzzled.
Is this a single instance of Wireshark? Are you using different profiles? is TPKT enabled in all of them?
Okay Jaap, thanks for your help and persistence. I have located the issue. Here is how to reproduce the issue in WS 2.4.2, likely older versions also:
Suggested fix: Create a 'Restore to ...(more)