sipcapture / hep-wireshark Goto Github PK

Hi,
I installed the hep.lua plugin in Wireshark but I can't decode HEP2 packages:
I got this error:

I'm using the Wireshark version 2.2.8 in OS X.

Thanks in advance,
Roberto

Hi, we've tried to use this dissector to debug new implementation of the HEPv3 client, but it seems to be lacking any even basic boundary/sanity checks, causing wireshark to hang solid while dissecting small capture (attached). This severely limits its usefulness for such use cases as well could lead to problems while processing large number of real-world packets, as wire errors do happen in real life.

cap.zip

For chunk_type, 00000011, I suggest you handle it as a normal payload even if it shows jibberish, because right now it gets stuck in an infinite loop and hangs wireshark.

As this is a derivative work of Wireshark, you need to use a GPL2-compatible license (see https://wiki.wireshark.org/Lua).

The dissector is created referencing udp.port, which doesn't allow it to be used when HEP is over TCP.

Hello!

Below is the config from Kamailio (it has Public and Private interfaces) and tcpdump parameters:

modparam("siptrace", "duplicate_uri", "sip:127.0.0.1:9060")
modparam("siptrace", "hep_mode_on", 1)
modparam("siptrace", "trace_to_database", 0)
modparam("siptrace", "trace_flag", 22)
modparam("siptrace", "trace_on", 1)
modparam("siptrace", "hep_version",2)

If I use sngrep, it shows well.
sngrep -d lo -L udp:127.0.0.1:9060 -c

If I collect trace with tcpdump, Wireshark shows only two parties in the conversation (which packets came from).
tcpdump -i lo port 9060 -w /home/sngrep/hepv2.pcap

But in HEP packet payload IPs are present.

PS. I suspect that the problem is not related to your plugin, but maybe you know solution

HEP3/HTTP2 cases needed in 5G worlds.