Does Zeek allow to inspect RTP headers?
As far as I see here no RTP analizer has been added yet. So I have an another question regarding this topic. Is there any existing guide or tutorial explaining how I can develop an analizer for a protocol myself or should I just base it on the already existing code?
That's right, there's currently no RTP analyzer. I'd encourage you to swing by the mailing list or drop by the #spicy channel on Slack to inquire further -- if you're game to develop one, this is an excellent contender for the new Spicy protocol analysis framework.
Since new analyzers can be pretty major efforts, it'd be good to discuss the event structure, data types, etc.
