Wireshark mailing list archives
Re: Skype protocol dissector
From: Joerg Mayer <jmayer () loplof de>
Date: Fri, 10 Aug 2012 10:59:33 +0200
Hello Matthias,

On Thu, Aug 09, 2012 at 10:47:56AM +0200, Matthias Bock wrote:
> there is a project at GitHub, uncovering the protocol structure of Skype.
> Currently only UDP is documented (there is also a TCP component somehow).
>
> https://github.com/matthiasbock/OpenSkype/wiki/Skype's-UDP-Format
>
> Documentation is not completed, but quite far and dissecting (and decrypting)
> pcap captures using Python on the console already works.
>
> The "next step" would be to implement a Wireshark dissector for "SkypeUDP".
> I have no idea, how to do this ...
>
> Anybody here who would like to help me? ;-)

I have the absolute beginning in place. So far there is no crc verification of decryption. If the crc is calculated before decryption then I can add this as well.

I do have a problem with the decryption: The skype_rc4.[hc] code is copyrighted in a way that's incompatible with Wireshark's license (GPLv2+). I can't find a working address of the author to ask him whether he would be willing to relicense his code to GPLv2+. While I could always make it possible to use the files if they are present for people who do the compilation for themselves, this is not a solution that makes me happy.

Can you please try to get me a contact address of the author so I may ask him or get the author to upload a relicensed version?

I will continue to add crc and decryption in the mean time.

Here's what I have done so far:

------------------------------------------------------------------------
r44416 | jmayer | 2012-08-10 10:35:21 +0200 (Fr, 10 Aug 2012) | 3 lines

Looks like some packets in the sample trace have type 0, so add Unknown_0 to the mix
------------------------------------------------------------------------
r44415 | jmayer | 2012-08-10 10:08:50 +0200 (Fr, 10 Aug 2012) | 3 lines

The packet id seems to be only 16 bits. The "extra" 4 bits may be a subtype or additional information for the type.
------------------------------------------------------------------------
r44412 | jmayer | 2012-08-10 02:35:00 +0200 (Fr, 10 Aug 2012) | 2 lines

Beginnings of a Skype dissector. Requires "decode as".
------------------------------------------------------------------------

Feel free to look at the code and comment on it either in text form or (even better) in patch form. Also, please take a look at our wiki page: http://wiki.wireshark.org/Skype

Ciao
Jörg

--
Joerg Mayer <jmayer () loplof de>
We are stuck with technology when what we really want is just stuff that works. Some say that should read Microsoft instead of technology.
Current thread:
- Skype protocol dissector Matthias Bock (Aug 09)
- Re: Skype protocol dissector Tyson Key (Aug 09)
- Re: Skype protocol dissector Joerg Mayer (Aug 09)
- Re: Skype protocol dissector Jeff Morriss (Aug 09)
- Re: Skype protocol dissector Joerg Mayer (Aug 10)