Wireshark mailing list archives

Re: Skype protocol dissector

From: Joerg Mayer <jmayer () loplof de>
Date: Fri, 10 Aug 2012 10:59:33 +0200

Hello Matthias,

On Thu, Aug 09, 2012 at 10:47:56AM +0200, Matthias Bock wrote:

there is a project at GitHub,
uncovering the protocol structure of Skype.
Currently only UDP is documented (there is also
a TCP component somehow).

https://github.com/matthiasbock/OpenSkype/wiki/Skype's-UDP-Format

Documentation is not completed, but quite far
and dissecting (and decrypting) pcap captures
using Python on the console already works.

The "next step" would be to implement a Wireshark
dissector for "SkypeUDP".

I have no idea, how to do this ...
Anybody here who would like to help me? ;-)


I have the absolute beginning in place. So far there is no crc verification
of decryption. If the crc is calculated before decryption then I can add this
as well. I do have a problem with the decryption: The skype_rc4.[hc] code
is copyrighted in a way that's incompatible with Wireshark's license (GPLv2+).
I can't find a working address of the author to ask him whether he would be
willing to relicense his code to GPLv2+. While I could always make it possible
to use the files if they are present for people who do the compilation for
themselves, this is not a solution that makes me happy.
Can you please try to get me a contact address of the author so I may ask
him or get the author to upload a relicensed version? I will continue to add
crc and decryption in the mean time.

Here's what I have done so far:

------------------------------------------------------------------------
r44416 | jmayer | 2012-08-10 10:35:21 +0200 (Fr, 10 Aug 2012) | 3 lines

Looks like some packets in the sample trace have type 0,
so add Unknown_0 to the mix

------------------------------------------------------------------------
r44415 | jmayer | 2012-08-10 10:08:50 +0200 (Fr, 10 Aug 2012) | 3 lines

The packet id seems to be only 16 bits. The "extra" 4 bits
may be a subtype or additional information for the type.

------------------------------------------------------------------------
r44412 | jmayer | 2012-08-10 02:35:00 +0200 (Fr, 10 Aug 2012) | 2 lines

Beginnings of a Skype dissector. Requires "decode as".

------------------------------------------------------------------------

Feel free to look at the code and comment on it either in text form or
(even better) in patch form.

Also, please take a look at our wiki page: http://wiki.wireshark.org/Skype

Ciao
     Jörg

-- 
Joerg Mayer                                           <jmayer () loplof de>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Skype protocol dissector Matthias Bock (Aug 09)
- Re: Skype protocol dissector Tyson Key (Aug 09)
- Re: Skype protocol dissector Joerg Mayer (Aug 09)
  - Re: Skype protocol dissector Jeff Morriss (Aug 09)
- Re: Skype protocol dissector Joerg Mayer (Aug 10)