I've been asked to develop a program to capture H.323 packets transmitting through my network adapter. After one day searching in Google, I'm still confused about what really H323 is! Is it a protocol or it is a standard and a bunch of protocols?
As its wikipedia page explains, it is not a protocol itself:
H.323 is a recommendation from the ITU Telecommunication Standardization Sector (ITU-T) that defines the protocols to provide audio-visual communication sessions on any packet network.
We have almost the same explanation in this tutorial:
When dealing with H.323, it is good to realize that it is not a single protocol but rather an entire group of protocols.
And again in the its Wireshark wikipedia page we have:
H.323 "Packet-based multimedia communications systems" refers to a family of VoIP protocols including H225 and H245,...
and
As H.323 isn't a protocol itself, you cannot filter on it. But you can filter on H245 and H225.
Despite from above explanations, we have a valid filter in Wireshark for H323:
I also found here and there people searching for tools supporting h323 protocol and its dissectors to detect packets of this protocol in network traffic.
Here it is called a protocol again:
The H.323 protocol is used for Voice Over IP (VOIP), Microsoft NetMeeting and countless other applications.
So:
1- what is H323? Is it a protocol itself or a standard that defines bunch of protocols?
2- If it is a protocol itself, is there any RFC for it that I can read to develop a detector for this protocol?
3- I found articles that compare SIP with H323. As far as I know, and as it is documented in RFC 3550, SIP is a protocol itself. Can I conclude that the H323 is a protocol too? (Because regularly we compare objects of same type with each other! (i.e. a single protocol like SIP will compared to a single protocol instead of a standard!)). Or I must conclude that SIP is a family too. I mean is SIP a protocol family and a single protocol too?
