sergey-safarov
sergey-safarov
You can check [instruction](https://github.com/irontec/sngrep/wiki/Send-HEP-traffic-from-Kamailio-to-local-sngrep) This allows you also to parse TLS encrypted packets (like from text)
@michael2009 could you try [ipdecap](https://loicpefferkorn.net/ipdecap/)
agreed, more correct to support Session-ID according to RFC.
The same approach may be used for DTLS traffic decryption [dtls12-aes128ccm8-dsb.pcapng](https://github.com/wireshark/wireshark/blob/master/test/captures/dtls12-aes128ccm8-dsb.pcapng)
Hi @Kaian I prepared `tls-with-keys.pcapng` with two encrypted calls. 1) with DTLS; 2) without DTLS. Think it will be helpful for testing. [tls-pcap.tar.gz](https://github.com/irontec/sngrep/files/6669596/tls-pcap.tar.gz)
Here is a webRTC traffic example with embedded TLS keys. [WebRTC-client.pcapng.gz](https://github.com/irontec/sngrep/files/6696724/WebRTC-client.pcapng.gz)
Just checked the current master. Tested works as expected. > We may need to truncate IPv6 addresses in Call flow columns because they seem to overlap. yes, looks as this...
Can we open a ticket as a feature request? Just save the `t.38` packet by the port number from SDP without packet parsing.
Could you look [rfc8200 4.5. Fragment Header](https://tools.ietf.org/html/rfc8200#section-4.5) about. > The Fragment header is identified by a Next Header value of 44 in the immediately preceding header and has the following...
As a workaround, I switched to use TCP transport and now can see the whole `INVITE` message.