> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Luis Ontanon
> What about heuristics? > is there some sort of magic we can use to determine if it is SRTP? > is there a checksum or similar info we can check? The trouble with SRTP is basically a worse case than the trouble with all RTP profiles: they assume out-of-band signalling to have occurred to allow the receiver to decode them. In the case of SRTP there is a default SRTP profile which has a standard encryption and authentication algorithm, standard authentication tag size and standard (zero) MKI size, but there is no way to know whether any application has overridden the defaults by heuristics short of brute force trying of different tag sizes and algorithms. There are already 2 defined encryption algorithms, and the non-default one is in common usage too. Really it needs almost "per stream" preferences - maybe as well as the right-click "Decode As..." we should have a "Configure this protocol with...", and a dialogue to allow e.g. the user to enter a decryption key, tag sizes etc which are saved in the conversatin data for the protocol and used to redissect it. Is this perhaps a general problem for other protocols too (e.g. SSL keys) ? I suspect some of the other preferences should really be per stream but we get away with them because captures commonly show many streams with the same prerences (e.g. SCCP is ITU or ANSI - rarely seen together!). Regards, Neil _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
