0

I am trying to do signature analysis, but all pcap files of h225, h245 and iax2 are encrypted, and on the net I have not found anything that can help me get their signatures. I want to get something like:

DESCRIBE rtsp://tmlab-share2/WMLoad.asf RTSP/1.0
User-Agent: WMPlayer/9.0.0.3060
Accept: application/sdp
Accept-Charset: UTF-8, *;q=0.1
X-Accept-Authentication: Negotiate, NTLM, Digest, Basic
Accept-Language: en-US, *;q=0.1

But I have found nothing like this that can tell me some specific strings.

I just want to know something that can be used in a signature. I saw some signatures on the net here, but these are for Linux's Netfilter subsystem, and they are not working for me.

Csa77
blackfyre
  • I know that I cannot perform signature analysis on an encrypted file, but I want to write signatures for unencrypted files. As I do not have any such file, I cannot see which patterns I should be looking for. Can anyone provide me with such information? – blackfyre Feb 14 '12 at 13:02
  • I have the same issue as you had in the past. Did you have any progress in this project? Did you find any packet format or signature to filter H.225 packets? (Please use @ to mention me) – Ebrahim Ghasemi Aug 30 '16 at 07:43

1 Answer

1

Are you sure your H.225/H.245 traffic is encrypted? Or is it just the ASN.1 encoding that doesn't let you see plain text?

Compare with the sample Wireshark trace rtp_example.raw.gz at http://wiki.wireshark.org/SampleCaptures

Gene Vincent
  • I'm already using this pcap file and I am writing: captor2=JpcapCaptor.openFile("E:\\rtp_example.raw"); then packet2=captor2.getPacket(); and then PacketData2=new String(packet2.data); But in this string I'm not getting plain text, I'm getting: ��( )@�����ZZ��ZZZZ���Z�����J��ZZ���Z��ZZZ��ZJZZ���Z��ZZ��JZJ – blackfyre Feb 14 '12 at 13:33
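Added example, not part of the original question, answer or comments: binary protocols such as H.225 and IAX2 are matched on header structure rather than on text strings, which is why converting the payload to a string shows nothing readable. The function names and sample bytes below are constructed for illustration; the field layouts follow RFC 1006 (TPKT), Q.931/H.225.0 and RFC 5456 (IAX2), and the TCP payload is assumed to start at a TPKT boundary.

```python
import struct

Q931_MSG = {0x01: "Alerting", 0x02: "CallProceeding", 0x05: "Setup",
            0x07: "Connect", 0x5A: "ReleaseComplete"}

def match_h225(tcp_payload: bytes):
    """Q.931 message name if payload is TPKT + Q.931 with an H.225 User-User IE."""
    if len(tcp_payload) < 8:
        return None
    ver, rsvd, tpkt_len = struct.unpack("!BBH", tcp_payload[:4])
    if (ver, rsvd) != (3, 0) or not 8 <= tpkt_len <= len(tcp_payload):
        return None
    q = tcp_payload[4:tpkt_len]
    if q[0] != 0x08:                      # Q.931 protocol discriminator
        return None
    pos = 2 + (q[1] & 0x0F)               # skip the call reference value
    if pos >= len(q):
        return None
    msg, pos = q[pos], pos + 1
    while pos + 1 < len(q):               # walk the information elements
        ie = q[pos]
        if ie & 0x80:                     # single-octet IE
            pos += 1
        elif ie == 0x7E:                  # User-User IE, 2-byte length in H.225
            ok = pos + 3 < len(q) and q[pos + 3] == 0x05   # ASN.1 payload follows
            return Q931_MSG.get(msg, hex(msg)) if ok else None
        else:
            pos += 2 + q[pos + 1]         # type, 1-byte length, contents
    return None

def match_iax2(udp_payload: bytes):
    """Label for an IAX2 full frame; mini frames (F bit clear) are not matched."""
    if len(udp_payload) < 12:
        return None
    src, dst, _ts, oseq, iseq, ftype, sub = struct.unpack("!HHIBBBB", udp_payload[:12])
    if not src & 0x8000 or not 1 <= ftype <= 10:   # F bit set, known frame type
        return None
    if ftype == 6 and sub == 0x01:        # IAX control NEW: no peer call number yet
        return "IAX2 NEW" if (dst & 0x7FFF, oseq, iseq) == (0, 0, 0) else None
    return f"IAX2 full frame type {ftype}"

# Constructed sample payloads (not taken from any capture)
SAMPLE_H225_SETUP = bytes.fromhex("03000016" "0802123405" "04038893a5" "7e00050520800600")
SAMPLE_IAX2_NEW = bytes.fromhex("80010000" "00000003" "0000" "0601" "0b020002")
SAMPLE_RTSP = b"DESCRIBE rtsp://tmlab-share2/WMLoad.asf RTSP/1.0\r\n"

if __name__ == "__main__":
    for p in (SAMPLE_H225_SETUP, SAMPLE_IAX2_NEW, SAMPLE_RTSP):
        print(p[:12].hex(" "), match_h225(p), match_iax2(p))
```

A 12-byte header check is weak on its own (an RTP packet also begins with a byte that has the high bit set), so pair it with the expected ports: TCP 1720 for H.225 call signalling and UDP 4569 for IAX2.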