Hello Matthias,

On Thu, Aug 09, 2012 at 10:47:56AM +0200, Matthias Bock wrote:
> there is a project at GitHub,
> uncovering the protocol structure of Skype.
> Currently only UDP is documented (there is also
> a TCP component somehow).
>
> https://github.com/matthiasbock/OpenSkype/wiki/Skype's-UDP-Format
>
> Documentation is not completed, but quite far
> and dissecting (and decrypting) pcap captures
> using Python on the console already works.
>
> The "next step" would be to implement a Wireshark
> dissector for "SkypeUDP".
>
> I have no idea, how to do this ...
> Anybody here who would like to help me? ;-)

I have the absolute beginning in place. So far there is no crc
verification of decryption. If the crc is calculated before decryption
then I can add this as well.

I do have a problem with the decryption: The skype_rc4.[hc] code is
copyrighted in a way that's incompatible with Wireshark's license
(GPLv2+). I can't find a working address of the author to ask him
whether he would be willing to relicense his code to GPLv2+. While I
could always make it possible to use the files if they are present for
people who do the compilation for themselves, this is not a solution
that makes me happy.

Can you please try to get me a contact address of the author so I may
ask him or get the author to upload a relicensed version?

I will continue to add crc and decryption in the mean time.

Here's what I have done so far:

------------------------------------------------------------------------
r44416 | jmayer | 2012-08-10 10:35:21 +0200 (Fr, 10 Aug 2012) | 3 lines

Looks like some packets in the sample trace have type 0, so add
Unknown_0 to the mix

------------------------------------------------------------------------
r44415 | jmayer | 2012-08-10 10:08:50 +0200 (Fr, 10 Aug 2012) | 3 lines

The packet id seems to be only 16 bits. The "extra" 4 bits may be a
subtype or additional information for the type.

------------------------------------------------------------------------
r44412 | jmayer | 2012-08-10 02:35:00 +0200 (Fr, 10 Aug 2012) | 2 lines

Beginnings of a Skype dissector. Requires "decode as".

------------------------------------------------------------------------

Feel free to look at the code and comment on it either in text form or
(even better) in patch form. Also, please take a look at our wiki page:
http://wiki.wireshark.org/Skype

Ciao
    Jörg
--
Joerg Mayer <[email protected]>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
