Hi,
I'm using wireshark for RTP analysis. Very often I analyze pcaps where
is no signaling packets therefore Wireshark is not able to recognize RTP
packets and I have to use Decode as for every stream in file. It is
boring work...
My idea is to write a tool which will propose RTP stream candidates. I
would like to allow the tool to check whether packet is really RTP - it
will try to decode one or a few packets as RTP.
I found that I don't know how to do it. There are two issues I identified:
1) How to decode just the specific packet?
There is sequence of calls e.g. in PacketListRecord::dissect() which
decode packet. My understanding is that it decodes current packet where
pcap is positioned and I found no call to "seek" to specific packet by
its number. On the other hand goToPacked do so...
I would like to avoid retap of whole pcap if possible.
2) How to use new Decode as rule temporary?
Decode as dialog saves it to preferences, but I hope there is simpler way.
Can I ask for help and guidance?
Best regards,
Jirka Novak
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
