Hello Matthias,
On Thu, Aug 09, 2012 at 10:47:56AM +0200, Matthias Bock wrote:
> there is a project at GitHub,
> uncovering the protocol structure of Skype.
> Currently only UDP is documented (there is also
> a TCP component somehow).
>
> https://github.com/matthiasbock/OpenSkype/wiki/Skype's-UDP-Format
>
> Documentation is not completed, but quite far
> and dissecting (and decrypting) pcap captures
> using Python on the console already works.
>
> The "next step" would be to implement a Wireshark
> dissector for "SkypeUDP".
>
> I have no idea how to do this ...
> Anybody here who would like to help me? ;-)
I have the absolute beginning in place. So far there is no CRC verification
or decryption. If the CRC is calculated before decryption then I can add this
as well. I do have a problem with the decryption: the skype_rc4.[hc] code
is copyrighted in a way that's incompatible with Wireshark's license (GPLv2+).
I can't find a working address of the author to ask him whether he would be
willing to relicense his code to GPLv2+. While I could always make it possible
to use the files if they are present for people who do the compilation for
themselves, this is not a solution that makes me happy.
Can you please try to get me a contact address of the author so I may ask
him, or get the author to upload a relicensed version? I will continue to add
CRC and decryption in the meantime.
Here's what I have done so far:
------------------------------------------------------------------------
r44416 | jmayer | 2012-08-10 10:35:21 +0200 (Fr, 10 Aug 2012) | 3 lines
Looks like some packets in the sample trace have type 0,
so add Unknown_0 to the mix
------------------------------------------------------------------------
r44415 | jmayer | 2012-08-10 10:08:50 +0200 (Fr, 10 Aug 2012) | 3 lines
The packet id seems to be only 16 bits. The "extra" 4 bits
may be a subtype or additional information for the type.
------------------------------------------------------------------------
r44412 | jmayer | 2012-08-10 02:35:00 +0200 (Fr, 10 Aug 2012) | 2 lines
Beginnings of a Skype dissector. Requires "decode as".
------------------------------------------------------------------------
Feel free to look at the code and comment on it either in text form or
(even better) in patch form.
Also, please take a look at our wiki page: http://wiki.wireshark.org/Skype
Ciao
Jörg
--
Joerg Mayer <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
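As an added illustration of the "decode as" dissector described in the commit log above (this is example code, not the packet-skype.c from the Wireshark tree or anything from the OpenSkype project), here is a minimal Wireshark Lua dissector for "SkypeUDP". The byte layout is an assumption read from the commit messages (16-bit packet id, then a 4-bit "extra"/subtype field and a 4-bit type, with type 0 shown as Unknown_0); the field names and `add_for_decode_as` registration (available in newer Wireshark releases) are likewise mine.

```lua
-- Added example, not the Wireshark tree's packet-skype.c. The header layout
-- below is an ASSUMPTION taken from the commit messages in the mail:
-- 16-bit packet id, then a 4-bit subtype ("extra" bits) and a 4-bit type.
local skypeudp = Proto("skypeudp", "Skype UDP (assumed layout)")

-- Type 0 was seen in the sample trace, hence the Unknown_0 entry.
local type_names = {
  [0] = "Unknown_0",
}

local f_id      = ProtoField.uint16("skypeudp.id", "Packet ID", base.HEX)
local f_subtype = ProtoField.uint8("skypeudp.subtype", "Subtype (extra 4 bits)",
                                   base.HEX, nil, 0xF0)
local f_type    = ProtoField.uint8("skypeudp.type", "Type", base.HEX,
                                   type_names, 0x0F)
local f_payload = ProtoField.bytes("skypeudp.payload", "Payload (still RC4 encrypted)")

skypeudp.fields = { f_id, f_subtype, f_type, f_payload }

function skypeudp.dissector(buf, pinfo, tree)
  -- Header is id(2) + subtype/type(1); anything shorter is not for us.
  if buf:len() < 3 then return 0 end
  pinfo.cols.protocol = "SkypeUDP"
  local st = tree:add(skypeudp, buf(), "Skype UDP")
  st:add(f_id, buf(0, 2))
  st:add(f_subtype, buf(2, 1))   -- high nibble (mask 0xF0)
  st:add(f_type, buf(2, 1))      -- low nibble  (mask 0x0F)
  local ptype = buf(2, 1):uint() % 16
  pinfo.cols.info = string.format("id=0x%04x type=%s", buf(0, 2):uint(),
                                  type_names[ptype] or tostring(ptype))
  if buf:len() > 3 then
    -- No CRC check and no RC4 decryption here: that depends on the
    -- separately licensed skype_rc4 code discussed in the mail, so the
    -- payload is only shown as opaque bytes.
    st:add(f_payload, buf(3))
  end
  return buf:len()
end

-- Register only for "Decode As", not for a fixed port, so no UDP traffic
-- is labelled as Skype unless the user explicitly chooses it.
DissectorTable.get("udp.port"):add_for_decode_as(skypeudp)
```

Drop the file into the Wireshark plugins directory (or load it with `-X lua_script:`), then pick "SkypeUDP" under Analyze > Decode As for the UDP conversation from a sample pcap.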