I am trying to do signature analysis, but all pcap files of h225,h245 and iax2 are encrypted and on net I have not found anything that can help me for getting their signatures. I want to get something like
DESCRIBE rtsp://tmlab-share2/WMLoad.asf RTSP/1.0
User-Agent: WMPlayer/9.0.0.3060
Accept: application/sdp
Accept-Charset: UTF-8, *;q=0.1
X-Accept-Authentication: Negotiate, NTLM, Digest, Basic
Accept-Language: en-US, *;q=0.1
But I have found nothing like this that can tell me some specific strings.
I just want to know something that can be used in signature. I saw some signatures on net here but these are for Linux's Netfilter subsystem, and these are not working for me.