Wireshark mailing list archives

Re: Should payload dissectors' (RTP) packets depend on call-setup dissectors' (SIP) packets?


From: Andreas Sikkema <h323 () ramdyne nl>
Date: Sat, 02 Jun 2012 13:25:39 +0200

On 6/1/12 22:42, Gerald Combs wrote:
> On 6/1/12 1:15 PM, Jeff Morriss wrote:
>> Though I am nervous about this whole packet-dependency thing causing
>> users to say "I filtered on RTP and you saved my SIP too!"
>
> A few months ago I talked to someone who complained that Wireshark
> *didn't* do that. In his case it would've been useful to see related
> ARPs when filtering down to a TCP stream.


Yes, but where does one stop going down that route? For RTP initiated by
SIP one might want to be able to save the related SIP messages. For RTP
initiated by H.323 it already needs H.225 and H.245, for some of the
UMTS/3G protocols there's probably loads more involved. If you want
context for a call IMHO it is up to the user to provide the context
using capture/display filters. Not all context can be provided by
conversations.

Providing some information about heuristic/"decode as" frames I can see
as being useful. That would be along the path of least surprise.


-- 
Andreas Sikkema
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev