Ask Your Question
0

Forcing decode of 'invalid' RTCP and RTP version

asked 2023-08-14 21:18:24 +0000

madsci77 gravatar image

Hi,

I'm working on debugging a new implementation of a semi-proprietary VoIP system that uses RTP and RTCP. It doesn't introduce any new fields or anything as far as I can tell, though it repurposes some fields in weird ways. The trouble is that it identifies its RTP packets as version 1 and RTCP as version 3, which causes the dissector to quit and not attempt decoding.

Is there any way I can force this? Or any way to modify just the dissector without having to set up the entire build environment for Wireshark? Or can I bribe someone who already has the environment set up to build me a version that forces both of these to be treated as version 2?

Thanks!

Scott

edit retag flag offensive close merge delete

Comments

"having to set up the entire build environment" varies by operating system.
(Chapter 2. Setup and Build Instructions)
Windows is a lot of steps but if you use the choco commands it goes pretty quick.

Or you can fork Wireshark on Github (https://github.com/wireshark/wireshark) and that comes with build actions. (My fork for testing Github actions: https://github.com/bubbasnmp/wireshark)

You could then modify the dissector in Github and it will build a Windows installer package.

Chuckc gravatar imageChuckc ( 2023-08-14 21:46:43 +0000 )edit

Aha! Thank you for that! I'm an embedded systems developer and we're always like 10-15 years behind on development tools. I never use github other than for occasionally sharing some open source firmware projects and it didn't occur to me that I could build a forked repo like that. Took me 30 seconds of editing code and 45 minutes of tinkering with git and github, but I've got a build that parses the packets properly.

Thanks again!

madsci77 gravatar imagemadsci77 ( 2023-08-14 23:21:09 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2023-08-15 06:57:30 +0000

Jaap gravatar image

Is there any way I can force this?

As for the dissector this is an unknown protocol version it cannot be forced to dissect this.

For the other questions about building a derived version of Wireshark, see the comments below the question.

edit flag offensive delete link more

Comments

That's my point, the protocol isn't actually different - it just has a different version number, and it changes the meaning of some fields but not their format or names. I've got it working now, though. Only took about two lines of code.

madsci77 gravatar imagemadsci77 ( 2023-08-15 15:39:44 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2023-08-14 21:18:24 +0000

Seen: 180 times

Last updated: Aug 15 '23