使用pcap过滤sdp数据包
[英]Filtering sdp packets using pcap
问题描述
I want to filter sdp packets to be able to identify the possible sessions initiations for rtp streams. 
我想过滤sdp数据包,以便能够识别rtp流的可能的会话启动。 I'm using pcap library for c++ to read the packets and I would like to write a parser for sdp packets but I don't know which protocols can encapsulate sdp other than SIP and MGCP (I mean after UDP). 我正在使用c ++的pcap库读取数据包,我想为sdp数据包编写解析器,但是我不知道除SIP和MGCP之外,哪些协议可以封装sdp(我的意思是在UDP之后)。 Or If anybody can shed any light on how does wireshark filters/identifys SDP packets. 或者,如果任何人都可以发现wireshark如何过滤/识别SDP数据包。
1 个解决方案
解决方案1
0 已采纳
If we limit ourselves to the protocols over which SDP can directly run, then, if we look at the current master-branch version of Wireshark: 如果我们将自己限制在可以直接运行SDP的协议上,那么,请看一下Wireshark的当前主分支版本:
- any protocol that uses a media type to describe its payload could, in principle, carry SDP, with a media type value of "application/sdp", although I don't know whether, in practice, you'll ever see, for example, SDP-over-HTTP rather than, say, SDP-over-SIP; 任何使用媒体类型描述其有效载荷的协议,原则上都可以带有媒体类型值为“ application / sdp”的SDP,尽管我不知道实际上,您是否会看到例如,即SDP-over-HTTP,而不是SDP-over-SIP;
- the BICC bearer control tunneling protocol, specified in ITU-T Recommendation Q.1990 , can carry SDP, with the Tunneled Protocol Indicator having the value of 0x20 for SDP; ITU-T Q.1990建议书中规定的BICC承载控制隧道协议可以承载SDP,其中SDP的隧道协议指示符值为0x20;
- the Cisco Session Management protocol can carry SDP; 思科会话管理协议可以携带SDP;
- the ISUP (ISDN User Part) protocol can carry SDP; ISUP (ISDN用户部分)协议可以承载SDP;
- the Gateway Control protocol ( RFC 3525 ; an earlier version was called MEGACO) and MGCP ( RFC 3435 ) can carry SDP; 网关控制协议( RFC 3525 ;早期版本称为MEGACO)和MGCP( RFC 3435 )可以承载SDP;
- the Session Announcement Protocol ( RFC 2974 ) can carry SDP. 会话公告协议( RFC 2974 )可以承载SDP。
Which of those you will see in present-day network traffic is another matter. 您将在当今的网络流量中看到哪一个是另一回事。
As for the protocols on top of which those run, well, most of them run on top of TCP or possibly UDP, or on top of something that ultimately runs on top of TCP or possibly UDP, which means that they will then run on top of IPv4 or IPv6, which means that they will then run on top of any link layer that can transport IPv4 or IPv6, meaning Ethernet and 802.11 and PPP and.... 至于运行这些协议的协议,大多数协议都运行在TCP或可能的UDP之上,或者最终运行在TCP或可能的UDP之上的某种协议,这意味着它们随后将运行在顶层IPv4或IPv6,这意味着它们将在可以传输IPv4或IPv6的任何链路层之上运行,这意味着以太网,802.11和PPP等。
However, ISUP, at least, can run on top of old-fashioned telephony networking stacks, such as the Signaling System No. 7 stack; 但是,ISUP至少可以在老式电话网络堆栈之上运行,例如7号信令系统堆栈。 whether it transports SDP when run on those stacks is another matter. 在这些堆栈上运行时,是否传输SDP是另一回事。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.