Posts

Showing posts from 2025

A rudimentary dissector for Wireshark (Lua)

Wireshark offers a simple but effective option to extend its capabilities, by using Lua dissectors. Just to give an example, I recently received a pcap file containing some traffic (it was RTP) encapsulated inside a UDP header. The reason for encapsulation was transporting over a VPN. I'm in such a habit of looking into RTP streams on Wireshark that I have a setting that tells it to try to interpret any UDP packet automatically as carrying RTP (I wrote how here). That also failed. So Wireshark was not able to interpret those frames as RTP (or anything else, for that matter), and I remembered writing a custom dissector some time ago. Wireshark allows you to do that simply in Lua and add it as a plugin. The code is available here. I just had to make it available inside '$HOME/.local/lib/wireshark/plugins/'.

It's not a sprint

You’ve surely heard at least once in your life somebody saying “Calm down: it’s not a sprint, it’s a marathon”. People use this phrase to try and slow things down, but it misses the point. The first misconception is that a marathon is something you do slowly. A marathon is fast; it’s just as fast as possible for that athlete in that moment. Most people couldn’t hold an elite marathoner’s pace for even 100 meters. It’s a marathon, but it’s not slow. It’s easy to make a point that running a marathon is tough, not just for the distance but for the speed you try to keep. What’s maybe harder to see is that a marathon is much easier than many life challenges. You can simply prepare for a marathon. You get to the starting line with months or years of preparation. You tried progressively longer and tougher sessions, simulating the marathon effort. That’s a privilege. Many hurdles you’ll face in life will just appear in front of you while you were thinking of something else. A marathon has a fi...

Decrypt SDES SRTP from pcap

If you have a pcap file with encrypted RTP (SDES SRTP) and have access to the SIP signalling to see the keys, these instructions will help you decrypt the RTP payload and save it as raw audio. Optionally, depending on the codec, you can then import the raw audio in Wireshark and save it as an audio file. Steps