Appearance
Skip to content
Mate/Library
通用协议
TCP
它会为每个 TCP session 创建一个 GoP。如果使用它,它应该是列表中的最后一个。并且 TCP 之上的所有其他 proto 都应使用 Stop=TRUE; 声明,这样在已经有一个正在进行的 GoP 时,就不会创建 TCP PDU。
Action=PduDef; Name=tcp_pdu; Proto=tcp; Transport=ip; addr=ip.addr; port=tcp.port; tcp_start=tcp.flags.syn; tcp_stop=tcp.flags.fin; tcp_stop=tcp.flags.reset; Action=GopDef; Name=tcp_session; On=tcp_pdu; addr; addr; port; port; Action=GopStart; For=tcp_session; tcp_start=1; Action=GopStop; For=tcp_session; tcp_stop=1;DNS
会创建一个 GoP,包含每个 request 及其 response(最终也包括 retransmissions)
Action=PduDef; Name=dns_pdu; Proto=dns; Transport=udp/ip; addr=ip.addr; port=udp.port; dns_id=dns.id; dns_rsp=dns.flags.response;Action=GopDef; Name=dns_req; On=dns_pdu; addr; addr; port!53; dns_id;Action=GopStart; For=dns_req; dns_rsp=0;Action=GopStop; For=dns_req; dns_rsp=1;RADIUS
每个 transaction 一个 Gop
Action=PduDef; Name=radius_pdu; Proto=radius; Transport=udp/ip; addr=ip.addr; port=udp.port; radius_id=radius.id; radius_code=radius.code;Action=GopDef; Name=radius_req; On=radius_pdu; radius_id; addr; addr; port; port;Action=GopStart; For=radius_req; radius_code|1|4|7;Action=GopStop; For=radius_req; radius_code|2|3|5|8|9;RTSP
Action=PduDef; Name=rtsp_pdu; Proto=rtsp; Transport=tcp/ip; addr=ip.addr; port=tcp.port; rtsp_method=rtsp.method;Action=PduExtra; For=rtsp_pdu; rtsp_ses=rtsp.session; rtsp_url=rtsp.url;Action=GopDef; Name=rtsp_ses; On=rtsp_pdu; addr; addr; port; port;Action=GopStart; For=rtsp_ses; rtsp_method=DESCRIBE;Action=GopStop; For=rtsp_ses; rtsp_method=TEARDOWN;Action=GopExtra; For=rtsp_ses; rtsp_ses; rtsp_url;VoIP/Telephony
除非另有说明,此处的大多数协议定义都会为每个 Call Leg 创建一个 Gop。
ISUP
Action=PduDef; Name=isup_pdu; Proto=isup; Transport=mtp3; mtp3pc=mtp3.dpc; mtp3pc=mtp3.opc; cic=isup.cic; isup_msg=isup.message_type;Action=GopDef; Name=isup_leg; On=isup_pdu; ShowPduTree=TRUE; mtp3pc; mtp3pc; cic;Action=GopStart; For=isup_leg; isup_msg=1;Action=GopStop; For=isup_leg; isup_msg=16;Q931
Action=PduDef; Name=q931_pdu; Proto=q931; Stop=TRUE; Transport=tcp/ip; addr=ip.addr; call_ref=q931.call_ref; q931_msg=q931.message_type;Action=GopDef; Name=q931_leg; On=q931_pdu; addr; addr; call_ref;Action=GopStart; For=q931_leg; q931_msg=5;Action=GopStop; For=q931_leg; q931_msg=90;H225 RAS
Action=PduDef; Name=ras_pdu; Proto=h225.RasMessage; Transport=udp/ip; addr=ip.addr; ras_sn=h225.RequestSeqNum; ras_msg=h225.RasMessage;Action=PduExtra; For=ras_pdu; guid=h225.guid;Action=GopDef; Name=ras_leg; On=ras_pdu; addr; addr; ras_sn;Action=GopStart; For=ras_leg; ras_msg|0|3|6|9|12|15|18|21|26|30;Action=GopStop; For=ras_leg; ras_msg|1|2|4|5|7|8|10|11|13|14|16|17|19|20|22|24|27|28|29|31;Action=GopExtra; For=ras_leg; guid;SIP
Action=PduDef; Proto=sip_pdu; Transport=tcp/ip; addr=ip.addr; port=tcp.port; sip_method=sip.Method; sip_callid=sip.Call-ID; calling=sdp.owner.username;Action=GopDef; Name=sip_leg; On=sip_pdu; addr; addr; port; port;Action=GopStart; For=sip; sip_method=INVITE;Action=GopStop; For=sip; sip_method=BYE;MEGACO
会从每个 transaction 创建一个 Gop
要将它们“绑定”到你的 call 的 GoG,请使用:Action=GogKey; Name=your_call; On=mgc_tr; addr!mgc_addr; megaco_ctx;
Action=PduDef; Name=mgc_pdu; Proto=megaco; Transport=ip; addr=ip.addr; megaco_ctx=megaco.context; megaco_trx=megaco.transid; megaco_msg=megaco.transaction; term=megaco.termid;Action=GopDef; Name=mgc_tr; On=mgc_pdu; addr; addr; megaco_trx;Action=GopStart; For=mgc_tr; megaco_msg|Request|Notify;Action=GopStop; For=mgc_tr; megaco_msg=Reply;Action=GopExtra; For=mgc_tr; term^DS1; megaco_ctx!Choose one;Imported from https://wiki.wireshark.org/Mate/Library on 2020-08-11 23:16:33 UTC
相关 Wireshark Wiki 页面
- Wireshark Wiki 首页Home · 入门与使用