Hi, I have a network dump with an RTMP stream, but it's transported over UDP rather than TCP, so Wireshark seems not to be able to decode the RTMP stream. I've also tried to decode the packets manually, but there is no option for RTMP when selecting a UDP packet. I'm using the current stable version 1.6.8 and I tried the 1.8.0rc1 as well. Is there any possibility to decode an RTMP stream transported over UDP with Wireshark?

UPDATE: Maybe it's more like Secure Real-Time Media Flow Protocol (RTMFP). Sorry, I can't post a capture but here is a screenshot from the connection setup I think:

asked 08 Jun '12, 04:20 rick28
edited 08 Jun '12, 10:34 helloworld
One Answer:
If you talk about the Adobe protocol (Real Time Messaging Protocol - RTMP), that is only defined for TCP. The Wireshark RTMPT dissector (packet-rtmpt.c) can only dissect RTMP over TCP or over HTTP. If you have RTMP encapsulated in UDP, that would be kind of strange, as nobody should be doing that.

If you want to dissect RTMP over UDP, you'll have to enhance the RTMPT dissector, or write your own dissector in Lua:

How come RTMP is encapsulated in UDP? Can you post a sample capture?

UPDATE:
That sounds reasonable, at least the port matches. Unfortunately there is no RTMFP dissector available in Wireshark. Furthermore, there seems to be no public RTMFP spec available, so writing a fully compliant dissector might be difficult. The protocol supports encryption, which might pose another problem.
However, there is an open source project called OpenRTMFP.

Based on that code, it might be possible to develop a dissector (encryption would still be a problem).

Regards

answered 08 Jun '12, 05:37 Kurt Knochner ♦
edited 08 Jun '12, 10:58
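
A quick way to test the RTMFP guess on UDP payloads exported from a capture, as an added example that is not part of the original answer. It relies on the packet framing in RFC 7016, which documented RTMFP after this thread was written: the first 32-bit word of each packet is the session ID XORed with the next two 32-bit words, and session ID 0 is used for session startup packets. The function names and sample payloads are constructed for illustration.

```python
import struct
from collections import Counter

MIN_LEN = 12  # scrambled session ID + the two words used to unscramble it


def rtmfp_session_id(payload: bytes):
    """Return the unscrambled 32-bit session ID, or None if too short."""
    if len(payload) < MIN_LEN:
        return None
    scrambled, w1, w2 = struct.unpack_from(">III", payload)
    return scrambled ^ w1 ^ w2


def scramble(session_id: int, encrypted: bytes) -> bytes:
    """Build a packet the way a sender would (used only for the samples)."""
    w1, w2 = struct.unpack_from(">II", encrypted)
    return struct.pack(">I", session_id ^ w1 ^ w2) + encrypted


def summarize(payloads):
    """Count UDP payloads per recovered session ID."""
    counts = Counter()
    for p in payloads:
        sid = rtmfp_session_id(p)
        if sid is None:
            counts["too_short"] += 1
        elif sid == 0:
            counts["startup"] += 1  # session ID 0: handshake traffic
        else:
            counts[f"session_0x{sid:08x}"] += 1
    return dict(counts)


# Constructed sample payloads (not taken from a real capture).
SAMPLES = [
    scramble(0, bytes(range(16))),
    scramble(0, bytes(range(32, 48))),
    scramble(0x02000001, bytes(range(16, 32))),
    b"\x03\x00\x00\x01",  # too short to be RTMFP
]

if __name__ == "__main__":
    print(summarize(SAMPLES))
```

If the first packets of a flow unscramble to 0 and later packets settle on a few stable values, the traffic fits RTMFP framing; values scattered across the whole 32-bit range point to some other protocol.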