Decoding H.245 Requests.


Although I have lots to say about whoever invented this system *@%... I'll keep it short. I am debugging a simple ALG that is trying to open ports and substitute IPs when needed in the H323/H245 flow.

I am trying to understand the meaning of the H.245 PDU, but honestly, RFCs are so easy to digest compared to ITU-T...

So I have the following H.245 Request: 038000012040212000400960864801650304010250c0116000060007b83...

In binary, it becomes:

byte 1

0... extended = no

.00. Request

...0 extended = no???

.... 0011 Type 3

byte 2

.... .... 1000 0000 extended=yes???

byte 3&4

.... .... .... .... 0000 0000 0000 0001 Channel ID = 2 (1+1)

byte 5&6

.... .... .... .... .... .... .... .... 0010 0000 0100 0000 ???

First: I don't understand why byte 2 is not used, or if it is, I have no clue what it means. Also, PER says that the encoding of a number has to be byte aligned if bigger than 2 bytes, so the channel ID should not need to be byte aligned...

Secondly, Wireshark decodes this as an H235Media (DataType 7). I really don't get where a seven is hidden in there!

I forged some packets with Colasoft and opened them in Wireshark, and it looks like the type of data should be stored in bits 0 of byte 5, and bits 7,6,5 of byte 6 (there are 12 options, so it should be coded on 4 bits). 7 would then be 0111. This pattern appears nowhere!

I figured out that bit 6 of byte 5 indicates whether or not the Port number is present (according to WS), as if I set that bit, bytes 6 and 7 become interpreted as Port number, and the rest seems to be shifted but not by a multiple of 8, of course...

This coding was probably made before computers existed, that is why it is really not computing friendly... Playing with offsets is really a pain...

Thanks a lot for your help!


There are 1 best solutions below


My first bit of advice would be not to try to decode ASN.1 PER by hand. Decoding PER is even harder than BER. You should let a computer do the decoding to remain sane. Trust Wireshark - it does a very good job with the decoding.

If you really want to dig into the ASN.1, there is a free ASN.1 reference book.
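
As an added example (not part of the original question or answer), the first six bytes of the quoted request can be walked with a small aligned-PER bit reader instead of by hand. The alternative counts and field order are assumptions taken from the H.245 ASN.1 module, which the page does not quote; an ALG that parses these PDUs should reject truncated input rather than guess, which the reader below does.

```python
# Added example: aligned-PER walk over the start of an H.245 OpenLogicalChannel.
# Field layout is assumed from the H.245 ASN.1 module (not quoted on the page).

class BitReader:
    def __init__(self, data: bytes):
        self.data, self.pos = data, 0          # pos counts bits from the start

    def bits(self, n: int) -> int:
        if self.pos + n > len(self.data) * 8:
            raise ValueError("truncated PDU")
        v = 0
        for _ in range(n):
            byte = self.data[self.pos // 8]
            v = (v << 1) | ((byte >> (7 - self.pos % 8)) & 1)
            self.pos += 1
        return v

    def align(self) -> None:
        self.pos = (self.pos + 7) // 8 * 8     # skip padding to the next octet

    def choice(self, n_root: int) -> int:
        """Extensible CHOICE: returns the overall alternative index."""
        if self.bits(1) == 0:                  # extension bit clear: root alternative
            return self.bits((n_root - 1).bit_length())
        if self.bits(1):                       # "normally small" number >= 64
            raise NotImplementedError("large extension index")
        return n_root + self.bits(6)           # extension alternative, 6-bit index


def decode_olc_prefix(pdu: bytes) -> dict:
    r = BitReader(pdu)
    out = {}
    out["message"] = r.choice(4)               # 0 = request (4 root alternatives)
    out["request"] = r.choice(11)              # 3 = openLogicalChannel (11 root)
    out["olc_ext"] = r.bits(1)                 # extension additions present
    out["reverse_params"] = r.bits(1)          # OPTIONAL reverseLogicalChannelParameters
    r.align()                                  # INTEGER (1..65535): 2 aligned octets
    out["channel"] = r.bits(16) + 1            # stored as offset from lower bound 1
    out["flcp_ext"] = r.bits(1)                # forwardLogicalChannelParameters ext bit
    out["port_present"] = r.bits(1)            # OPTIONAL portNumber (0..65535)
    if out["port_present"]:
        r.align()
        out["port"] = r.bits(16)
    out["data_type"] = r.choice(6)             # 6 root alternatives, then extensions
    return out


SAMPLE = bytes.fromhex("038000012040")         # first six bytes from the question
if __name__ == "__main__":
    print(decode_olc_prefix(SAMPLE))
```
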