I've been asked to develop a program to capture H.323 packets transmitting through my network adapter. After one day searching in Google, I'm still confused about what really H323 is! Is it a protocol or it is a standard and a bunch of protocols?
As its wikipedia page explains, it is not a protocol itself:
H.323 is a recommendation from the ITU Telecommunication Standardization Sector (ITU-T) that defines the protocols to provide audio-visual communication sessions on any packet network.
We have almost the same explanation in this tutorial:
When dealing with H.323, it is good to realize that it is not a single protocol but rather an entire group of protocols.
And again in the its Wireshark wikipedia page we have:
H.323 "Packet-based multimedia communications systems" refers to a family of VoIP protocols including H225 and H245,...
and
As H.323 isn't a protocol itself, you cannot filter on it. But you can filter on H245 and H225.
Despite from above explanations, we have a valid filter in Wireshark for H323:
I also found here and there people searching for tools supporting h323 protocol and its dissectors to detect packets of this protocol in network traffic.
Here it is called a protocol again:
The H.323 protocol is used for Voice Over IP (VOIP), Microsoft NetMeeting and countless other applications.
So:
1- what is H323? Is it a protocol itself or a standard that defines bunch of protocols?
2- If it is a protocol itself, is there any RFC for it that I can read to develop a detector for this protocol?
3- I found articles that compare SIP with H323. As far as I know, and as it is documented in RFC 3550, SIP is a protocol itself. Can I conclude that the H323 is a protocol too? (Because regularly we compare objects of same type with each other! (i.e. a single protocol like SIP will compared to a single protocol instead of a standard!)). Or I must conclude that SIP is a family too. I mean is SIP a protocol family and a single protocol too?
Its actually both:
H.323commonly referrs to a set of ITU standards defining a protocol for VoIP (H.225,H.245,Q.931, etc.).Some of those standards existed before, some have newly been created for it. One of these new standards, the one that explains how they are to used in this new context, is called
H.323.Since the message format is used from other standarads (eg. H.225) and H.323 only defined the procedures when and how to use them, Wireshark doesn't have a H.323 filter, but one for H.225.