H.248.1 p. 8.3 (Messages) states:
"An H.248.1 entity (MG/MGC) must consistently use the same MID in all messages it originates for the duration of control association with the peer (MGC/MG)."

But using the MID only might not suffice, as we'll know only the message sender; there's no simple way to know who the recipient is (we are a protocol analyzer, not an MGC or MGw; we cannot assume to only receive messages for a specific MGC/MGw).

We could create a mapping based on the assumption that if there's a mId for a trxReq, the mId of the message containing the trxReply with the same trxId would be the peer, but that would make code that is already twisted even more complex.

BTW, I have used it with packets coming from logs of a MGw, no address whatsoever, just GCP. It worked because all the packets regarded a single MGw that won't duplicate context Ids, and trxIds just happened to be unique, so the "NONE-NONE" address pair was OK to create unique keys.

Luis

On 4/11/07, Roger Mahler <[EMAIL PROTECTED]> wrote:
> Hi Luis and the other H248 experts
>
> let me ask differently:
> Would it be possible to trace a context entirely by looking just at the H248
> layer?
> The mId identifies the originator of a message: (i.e. the MGC in case of
> (most of) the Request messages and the MGW in case of (most of) the Reply
> messages):
> Will I be able to extract exactly my TWO mIds (including transactionId and
> contextId) and use these as correlation keys OR (and this is my actual
> question) can these mIds change in the course of a call?
>
> /Roger
>
> > Depends,
> > once the context is set up lower, higher addresses and context-id.
> > if the contextid is choose it uses another table with the
> > transactionid instead to bind the first transaction.
> >
> > in current svn the code used to track the context is in epan/gcp.[ch]
> > it was in packet-h248.c till the last release.
> >
> >
> > On 4/6/07, Roger Mahler <[EMAIL PROTECTED]> wrote:
> >> Hello
> >>
> >> what's Wireshark using as key to track contexts in H248?
> >>
> >> Cheers,
> >> Roger
> >>
>
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@wireshark.org
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>

--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
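
The mapping discussed in this thread (take the mId of a trxReq and treat the mId of the message carrying the trxReply with the same trxId as its peer), written out as an added example; it is not part of the original mail and not Wireshark's epan/gcp.c code. It assumes messages already parsed into dicts with one transaction each; the field names and the sample capture are constructed for illustration.

```python
from collections import defaultdict

# Constructed capture, H.248 layer only (no transport addresses).
MESSAGES = [
    {"mid": "mgc1", "kind": "request", "trx": 100, "ctx": "$"},  # "$" = CHOOSE
    {"mid": "mgw1", "kind": "reply",   "trx": 100, "ctx": 7},
    {"mid": "mgc1", "kind": "request", "trx": 101, "ctx": 7},
    {"mid": "mgw1", "kind": "reply",   "trx": 101, "ctx": 7},
    {"mid": "mgc2", "kind": "request", "trx": 500, "ctx": "$"},
    {"mid": "mgw2", "kind": "reply",   "trx": 500, "ctx": 7},    # same ctx id, other MGw
    {"mid": "mgc1", "kind": "request", "trx": 900, "ctx": "$"},
    {"mid": "mgc2", "kind": "request", "trx": 900, "ctx": "$"},  # trxId reused by another sender
    {"mid": "mgw2", "kind": "reply",   "trx": 900, "ctx": 8},
]

def correlate(messages):
    """Return (peers, contexts, unresolved).
    peers:      mId -> set of inferred peer mIds
    contexts:   (lo_mid, hi_mid, ctx_id) -> indexes of messages in that context
    unresolved: indexes of replies that match zero or several pending requests"""
    pending = defaultdict(list)    # trxId -> [(request index, sender mId)]
    peers = defaultdict(set)
    contexts = defaultdict(list)
    unresolved = []
    for i, m in enumerate(messages):
        if m["kind"] == "request":
            pending[m["trx"]].append((i, m["mid"]))
            continue
        # Candidates: pending requests with this trxId from a different mId.
        cands = [(j, s) for j, s in pending[m["trx"]] if s != m["mid"]]
        if len(cands) != 1:
            # The H.248 layer alone cannot say who the recipient was.
            unresolved.append(i)
            continue
        req_idx, sender = cands[0]
        pending[m["trx"]].remove(cands[0])
        peers[sender].add(m["mid"])
        peers[m["mid"]].add(sender)
        lo, hi = sorted((sender, m["mid"]))
        # A CHOOSE request is bound to its context through the reply's ctx id.
        contexts[(lo, hi, m["ctx"])] += [req_idx, i]
    return dict(peers), dict(contexts), unresolved
```

Context 7 appears twice without colliding because the key includes the inferred mId pair; the reply to trxId 900 stays unresolved because two senders have that trxId pending.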