Taking a quick look I discovered that there is http://www.minisip.org/index.html that uses MIKEY (an SDP extension?) and SRTP.
MIKEY was recently added to Wireshark (post 0.99.5) and it should carry all the information necessary to set up an SRTP conversation. It should be feasible to modify both srtp and mikey to have mikey set up srtp conversations much like sdp does with plain rtp.

L.

On 3/22/07, Neil Piercy <[EMAIL PROTECTED]> wrote:
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Luis Ontanon
>
> > What about heuristics?
> > is there some sort of magic we can use to determine if it is SRTP?
> > is there a checksum or similar info we can check?
>
> The trouble with SRTP is basically a worse case than the trouble with
> all RTP profiles: they assume out-of-band signalling to have occurred to
> allow the receiver to decode them.
>
> In the case of SRTP there is a default SRTP profile which has a standard
> encryption and authentication algorithm, standard authentication tag
> size and standard (zero) MKI size, but there is no way to know whether
> any application has overridden the defaults by heuristics short of brute
> force trying of different tag sizes and algorithms. There are
> already 2 defined encryption algorithms, and the non-default one is in
> common usage too.
>
> Really it needs almost "per stream" preferences - maybe as well as the
> right-click "Decode As..." we should have a "Configure this protocol
> with...", and a dialogue to allow e.g. the user to enter a decryption
> key, tag sizes etc which are saved in the conversation data for the
> protocol and used to redissect it. Is this perhaps a general problem for
> other protocols too (e.g. SSL keys)? I suspect some of the other
> preferences should really be per stream but we get away with them
> because captures commonly show many streams with the same preferences
> (e.g. SCCP is ITU or ANSI - rarely seen together!).
>
> Regards,
> Neil
> _______________________________________________
> Wireshark-dev mailing list
> [email protected]
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>

--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
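Added example, not part of the original thread and not Wireshark code: a Python sketch of the per-stream settings idea from the quoted message, showing that an SRTP packet splits cleanly under any assumed tag and MKI size and that only the HMAC-SHA1 check with the right key tells the layouts apart. `StreamConfig`, the helper names, the key and the sample packet are all constructed for illustration, and the session authentication key is assumed to be already derived.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

@dataclass
class StreamConfig:            # hypothetical per-stream settings
    auth_key: bytes            # session authentication key, assumed already derived
    tag_len: int = 10          # default profile: 80-bit HMAC-SHA1 tag
    mki_len: int = 0           # default profile: no MKI
    roc: int = 0               # rollover counter, not carried in the packet

def rtp_header_len(pkt: bytes) -> int:
    """Length of the cleartext RTP header (fixed part, CSRCs, extension)."""
    if len(pkt) < 12 or pkt[0] >> 6 != 2:
        raise ValueError("not an RTP version 2 packet")
    n = 12 + 4 * (pkt[0] & 0x0F)
    if pkt[0] & 0x10:          # X bit: extension length is in 32-bit words
        if len(pkt) < n + 4:
            raise ValueError("truncated header extension")
        n += 4 + 4 * struct.unpack_from("!H", pkt, n + 2)[0]
    return n

def split_srtp(pkt: bytes, cfg: StreamConfig) -> dict:
    """Cut header | payload | MKI | tag using only the configured sizes."""
    hlen, end = rtp_header_len(pkt), len(pkt) - cfg.mki_len - cfg.tag_len
    if end < hlen:
        raise ValueError("packet too short for configured MKI and tag sizes")
    return {"header": pkt[:hlen], "payload": pkt[hlen:end],
            "mki": pkt[end:end + cfg.mki_len], "tag": pkt[end + cfg.mki_len:]}

def _mac(cfg: StreamConfig, header: bytes, payload: bytes) -> bytes:
    # The tag covers header + encrypted payload + ROC; the MKI is not covered.
    msg = header + payload + struct.pack("!I", cfg.roc)
    return hmac.new(cfg.auth_key, msg, hashlib.sha1).digest()[:cfg.tag_len]

def tag_matches(pkt: bytes, cfg: StreamConfig) -> bool:
    p = split_srtp(pkt, cfg)
    expected = _mac(cfg, p["header"], p["payload"])
    return cfg.tag_len > 0 and hmac.compare_digest(expected, p["tag"])

def build_sample(cfg: StreamConfig, payload: bytes) -> bytes:
    """Constructed packet for the demo; payload stands in for ciphertext."""
    header = struct.pack("!BBHII", 0x80, 0, 1, 160, 0x1234ABCD)
    return header + payload + b"\x01" * cfg.mki_len + _mac(cfg, header, payload)

if __name__ == "__main__":
    key = bytes(range(20))                     # constructed key
    sender = StreamConfig(key, tag_len=4)      # stream using a 32-bit tag
    pkt = build_sample(sender, b"\xaa" * 20)
    for cfg in (StreamConfig(key), sender):    # default guess vs. real settings
        print(cfg.tag_len, len(split_srtp(pkt, cfg)["payload"]), tag_matches(pkt, cfg))
```

Both layouts parse without error; without the key there is nothing to verify, which is why the sizes have to come from signalling or from user-entered per-stream settings.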
