This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.

ZRTP

The official description of ZRTP is 'Media Path Key Agreement for Secure RTP'. It's a protocol to exchange and verify end-to-end encryption keys for voice communications.

History

ZRTP is being developed by Philip Zimmermann (Mr. PGP), Alan Johnston and Jon Callas as alternative to the various encryption signaling protocols with specifically the End-to-End argument in mind.

Protocol dependencies

Example traffic

XXX - Add example decoded traffic for this protocol here (as plain text or Wireshark screenshot).

Wireshark

The ZRTP dissector is fully functional. It supports the protocol versions 0.80, 0.85, 0.90, 0.95 and 1.0.

Preference Settings

The dissector has no preference settings. The RTP dissector has to set 'Treat RTP version 0 packets as' to 'Invalid or ZRTP'.

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

Display Filter

A complete list of ZRTP display filter fields can be found in the display filter reference

Capture Filter

You cannot directly filter ZRTP protocols while capturing. However, if you know the UDP port used (see above), you can filter on that one.

Discussion