Re: Asterisk AMI and FreeSWITCH ESL dissectors

[Dirk Jagdmann <doj () cubic org>]

>   Has anyone investigated developing Asterisk AMI and FreeSWITCH ESL
> Wireshark dissectors?  They're both fairly simple protocols and the
> current telnet dissector *kind of* works but I need TCP reassembly to
> work properly for both.  It seems like Wireshark dissectors would be
> very useful to the Asterisk and FreeSWITCH communities.
>
>   More information on the protocols:
>
> https://wiki.asterisk.org/wiki/display/AST/Asterisk+Manager+Interface+%28AMI%29
>
> http://wiki.freeswitch.org/wiki/Mod_event_socket

Those two protocols are indeed made to look like HTTP headers. Have you tried to
make the following settings in the HTTP preferences:
enable "Reassemble HTTP headers..."
disable "Reassemble HTTP bodies..."

and add the TCP ports you're interested to the list. Now of course those
protocols will be shown as HTTP, but it should give some results. If that
doesn't work well, you'll have to look into your own custom dissector.

-- 
---> Dirk Jagdmann
----> http://cubic.org/~doj
-----> http://llg.cubic.org
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe