Hi Jirka,

On Mon, Dec 19, 2016 at 10:57:08AM +0100, Jirka Novak wrote:
> Hello,
>
> I'm looking for repository/library with packet samples suitable for
> developers. I found a lot of repositories over the Internet, but they
> just contain samples and you are able to find protocols used in sample
> (e.g. RTP).
> As developer when I change part of code, I should retest it with as
> much samples as possible to verify whether change works fine with my
> sample (why I'm doing a change) and if I didn't break old functionality.

For a basic testing framework, have a look at
https://github.com/wireshark/happy-shark

To-do: populate the test/ directory with lots of specific samples :-)

> Therefore I should be able to select samples which are relevant to my
> change and be able to verify whether it is evaluated as expected.
>
> To be able to do so, samples should be commented/documented in two ways:
> 1) What sample contains
> 2) How it should be decoded/shown in Wireshark
>
> There are a few ideas (I'm working in voice area):
>
> - Sample contains full regular SIP session, with SDP, with related RTP.
>   RTP is dynamic payload described in SDP.
>   - SIP session should be shown
>   - SDP should be decoded
>   - RTP should be decoded as described in SDP
> - Sample contains rejected SIP session because of XXX
>   - SIP session should be shown
>   - SIP calls view should show call as failed
> - Sample contains RTP call with extended header XXX
>   - RTP header should be decoded as ...
>   - Call Flow should show bit XXX in RTP stream
> - Sample contains RTSP session from XXX with RTP media in UDP
>   - sample should be decoded
>   - RTP should be decoded as described in Transport header
> - Sample contains RTP stream with missing packets
>   - sample should be decoded
>   - RTP Stream Analysis should show sequence error
>
> In other words, there should be attached specification for Wireshark
> developer, how the sample should be processed. Therefore it can be
> verified later by man or engine (maybe in future :-)).

This is a scenario that is probably worth adding to test/ (in the
Wireshark source tree) if it is not too large.

The SampleCaptures wiki contains some (synthetic/real-world) SIP and RTP
captures, but it is not really in a machine-readable format:
https://wiki.wireshark.org/SampleCaptures#SIP_and_RTP

Feel free to upload your captures there though :-)

> It is obvious that same sample can be used for multiple purposes -
> e.g. RTSP with RTP sample can be used for testing RTPS and for RTP too.
> Specification can be changed during time. Therefore it should be easy
> editable.
>
> Does anyone know about something I'm looking for?

I think that happy-shark (which uses PDML output with a XSL
post-processor) does what you want. In case a dissector checks for the
pinfo->visited flag, you have to run pcaps through both:

- tshark -r some.pcap -Tpdml
- tshark -r some.pcap -Tpdml -2

--
Kind regards,
Peter Wu
https://lekensteyn.nl
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe
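
Added example, not part of the thread and not happy-shark's code: a sketch of a machine-checkable sample specification applied to the PDML from both tshark runs mentioned above. The spec format, the helper names and the trimmed PDML strings are assumptions constructed for illustration; real input would be the saved output of `tshark -r some.pcap -Tpdml` and `tshark -r some.pcap -Tpdml -2`.

```python
import xml.etree.ElementTree as ET

def field_values(pdml_text, field_name):
    """Per packet, the 'show' values of every field called field_name."""
    root = ET.fromstring(pdml_text)
    return [[f.get("show") for f in pkt.iter("field") if f.get("name") == field_name]
            for pkt in root.iter("packet")]

def check_sample(pdml_text, spec):
    """spec (hypothetical format): field name -> expected value per packet (None = absent)."""
    failures = []
    for name, expected in spec.items():
        got = [vals[0] if vals else None for vals in field_values(pdml_text, name)]
        if got != expected:
            failures.append(f"{name}: expected {expected}, got {got}")
    return failures

def pass_differences(one_pass, two_pass, names):
    """Field names whose decoded values differ between the two tshark runs."""
    return [n for n in names if field_values(one_pass, n) != field_values(two_pass, n)]

# Constructed PDML, trimmed to the elements and attributes used here.
UDP = '<proto name="udp"><field name="udp.dstport" show="4000"/></proto>'

def rtp(seq):
    return ('<proto name="rtp"><field name="rtp.p_type" show="96"/>'
            f'<field name="rtp.seq" show="{seq}"/></proto>')

# Single pass: the first packet is constructed as not decoded as RTP.
ONE_PASS = f"<pdml><packet>{UDP}</packet><packet>{UDP}{rtp(101)}</packet></pdml>"
# Two pass (-2): both packets are constructed as decoded as RTP.
TWO_PASS = f"<pdml><packet>{UDP}{rtp(100)}</packet><packet>{UDP}{rtp(101)}</packet></pdml>"

# "RTP should be decoded" expressed as expected field values per packet.
SPEC = {"rtp.p_type": ["96", "96"], "rtp.seq": ["100", "101"]}

if __name__ == "__main__":
    for label, pdml in (("one-pass", ONE_PASS), ("two-pass", TWO_PASS)):
        print(label, check_sample(pdml, SPEC) or "OK")
    print("differs between passes:",
          pass_differences(ONE_PASS, TWO_PASS, list(SPEC) + ["udp.dstport"]))
```

Checking both outputs against the same spec, and diffing them against each other, is what surfaces a dissector whose result depends on whether the packet has already been visited.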
