What is the H.225, H.245 and IAX2 message format? Want to do signature analysis but my packets are encrypted

StackOverflow https://stackoverflow.com/questions/9277467

  •  29-04-2021

Question

I am trying to do signature analysis, but all pcap files of H.225, H.245 and IAX2 are encrypted, and on the net I have not found anything that can help me get their signatures. I want to get something like

DESCRIBE rtsp://tmlab-share2/WMLoad.asf RTSP/1.0
User-Agent: WMPlayer/9.0.0.3060
Accept: application/sdp
Accept-Charset: UTF-8, *;q=0.1
X-Accept-Authentication: Negotiate, NTLM, Digest, Basic
Accept-Language: en-US, *;q=0.1

But I have found nothing like this that can tell me some specific strings.

I just want to know something that can be used in a signature. I saw some signatures on the net here, but these are for Linux's Netfilter subsystem, and they are not working for me.


Solution

Are you sure your H.225/H.245 traffic is encrypted? Or is it just the ASN.1 encoding that doesn't let you see plain text?

Compare with the sample Wireshark trace rtp_example.raw.gz at http://wiki.wireshark.org/SampleCaptures
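
Building on the answer's point that these protocols are binary rather than text, here is an added example (not part of the original post) that matches on fixed framing bytes instead of strings: the TPKT/Q.931 header that carries H.225.0 call signalling, and the IAX2 full-frame header from RFC 5456. The function names and sample packets are constructed for illustration; H.245 and genuinely encrypted payloads are not covered.

```python
import struct

# Q.931 message types used by H.225.0 call signalling.
Q931_TYPES = {0x01: "ALERTING", 0x02: "CALL PROCEEDING", 0x05: "SETUP",
              0x07: "CONNECT", 0x5A: "RELEASE COMPLETE"}
# IAX2 full-frame types and a few IAX control subclasses (RFC 5456).
IAX2_TYPES = {0x01: "DTMF", 0x02: "VOICE", 0x03: "VIDEO", 0x04: "CONTROL",
              0x05: "NULL", 0x06: "IAX", 0x07: "TEXT"}
IAX2_SUBCLASS = {0x01: "NEW", 0x04: "ACK", 0x05: "HANGUP", 0x07: "ACCEPT"}

def match_h225(tcp_payload):
    """Return (Q.931 message name, has ASN.1 User-User IE) or None."""
    # TPKT header: version 3, reserved 0, 16-bit total length.
    if len(tcp_payload) < 8 or tcp_payload[:2] != b"\x03\x00":
        return None
    (tpkt_len,) = struct.unpack("!H", tcp_payload[2:4])
    q931 = tcp_payload[4:tpkt_len]
    # Q.931 protocol discriminator is always 0x08.
    if tpkt_len > len(tcp_payload) or len(q931) < 4 or q931[0] != 0x08:
        return None
    pos = 2 + (q931[1] & 0x0F)               # skip the call reference
    if pos >= len(q931) or q931[pos] not in Q931_TYPES:
        return None
    name, pos, has_uuie = Q931_TYPES[q931[pos]], pos + 1, False
    while pos + 1 < len(q931):               # walk the information elements
        ie = q931[pos]
        if ie & 0x80:                        # single-octet IE
            pos += 1
        elif ie == 0x7E:                     # User-User IE, 2-byte length in H.225.0
            # Discriminator 0x05 marks ASN.1 user data (the PER-encoded part).
            has_uuie = pos + 3 < len(q931) and q931[pos + 3] == 0x05
            break
        else:                                # id, 1-byte length, contents
            pos += 2 + q931[pos + 1]
    return name, has_uuie

def match_iax2(udp_payload):
    """Return the frame type name of an IAX2 full frame, or None."""
    if len(udp_payload) < 12:
        return None
    src, _dst, _ts, _oseq, _iseq, ftype, sub = struct.unpack("!HHIBBBB", udp_payload[:12])
    if not src & 0x8000 or ftype not in IAX2_TYPES:   # F bit clear means mini frame
        return None
    if ftype == 0x06:                        # IAX control: subclass names the message
        return "IAX/" + IAX2_SUBCLASS.get(sub & 0x7F, hex(sub & 0x7F))
    return IAX2_TYPES[ftype]

# Constructed sample packets (not taken from a real capture).
SAMPLE_SETUP = bytes.fromhex("03000014" "0802123405" "04038893a5" "7e0003052080")
SAMPLE_IAX_NEW = struct.pack("!HHIBBBB", 0x8001, 0, 3, 0, 0, 0x06, 0x01) + b"\x0b\x02\x00\x02"
SAMPLE_IAX_MINI = struct.pack("!HH", 0x0001, 0x0010) + bytes(20)
```

IAX2 mini frames carry only a call number and a timestamp before the media, so a signature has to key on the full frames that open the call.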

Licensed under: CC-BY-SA with attribution