I have written a plugin for amf and its dissects amf traffic from tv.adobe.com successfully. But it doesn't dissects the amf messages generated by Blazer(AMF message generator). I don't know whether wireshark is able to capture those message ??????? asked 31 Oct '12, 23:39  Akhil wikified 01 Nov '12, 21:09 |
2 Answers:
Wireshark, on the trunk of the SVN repository, now dissects AMF messages, and handles AMF3. answered 16 Nov '12, 14:32  Guy Harris ♦♦ |
not being able to dissect and not being able to capture the traffic are very different issues. So, if you see the packets, but your dissector cannot decode them, it's a problem with your dissector. It might not work for every AMF message, as you did not implement all features. If you don't see the packtes, there is something wrong with your capture setup (packets not passing the capturing machine) or the AMF message generator (packets not being sent to the network). Regards answered 01 Nov '12, 02:23  Kurt Knochner ♦ |
Or Wireshark not (yet) having an AMF message dissector ("AMF message" as documented in 4.1.3 "AMF Message" in the AMF3 specification) and/or not (yet) having anything registered for the media type "application/x-amf" and/or not (yet) dissecting AMF encoding when it switches from AMF0 to AMF3.
isn't that dissector what @Akhil wrote himself?
That might be one dissector, but it's never been submitted for inclusion in the official source.
However, I was thinking of the dissector that I just checked in, and which I was working on at the time (and which dissects AMF messages, registers that dissector for the media type "application/x-amf", and adds AMF3 support - all developed from the AMF specs, so the specs are usable for developing dissectors...).