This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Is data represented by Wireshark on Windows and Linux FC5 different?


My Windows 7 machine received a UDP packet, which I then traced with Wireshark. My first UDP packet starts with the data "2c991002", and this is the correct data which I am expecting.

I am doing the same exercise on a Fedora 5 machine, and it shows my first UDP packet starting with the data "043dd720".

Why does this data differ? Does Linux-based Wireshark have a different data representation scheme?

Please help me out...

asked 03 Jan '13, 03:34

kaushal

As suggested, I have uploaded the Wireshark capture files "on Fedora-5 Machine.pcap" and "on Windows-7 Machine.pcap" for further analysis.

Source (MPEG-4 Encoder card) IP: 192.168.1.200 at port 8

Destination IP:

  1. Windows-7: 192.168.1.202 at port 8080
  2. Linux FC5: 192.168.1.66 at port 8080

The first UDP packet contains the MPEG-4 sequence header (for VLC to understand that this is an MPEG-4 video stream), that is:

  1. 0x2C991002
  2. 0x409A1002
  3. 0x929A1002
  4. 0xE09A1002
  5. 0x000001B0
  6. 0xF5000001
  7. 0xB50CCF00
  8. 0x00010000
  9. 0x00012008
  10. 0xD4958800
  11. 0xCE185821
  12. 0x20A0C100

Regards

kaushal

(04 Jan '13, 04:38) kaushal

So what are the URLs for those captures? Cloudshark appears to have been designed to be write-only - there's plenty of functionality for uploading, but I can't find any way to browse for captures.

(05 Jan '13, 14:35) Guy Harris ♦♦
(06 Jan '13, 19:45) kaushal

3 Answers:


If those aren't the exact same packet, captured at the exact same time, this may just mean that those two packets have different contents; there's no difference in the data representation in capture files on Wireshark and Linux.

answered 03 Jan '13, 12:05

Guy Harris ♦♦

Hello Harris,

Thank you for your reply. I have repeatedly done this exercise, I mean giving data to Windows-based Wireshark and then Fedora Core 5-based Wireshark, but I got different results; the data source remains the same for both exercises.

Can you suggest what the possible reasons are?

(03 Jan '13, 19:38) kaushal

Can you post the two packets somewhere? By "Data" you mean the actual UDP payload, correct?

(03 Jan '13, 20:04) hansangb

I have .pcap files from both machines... As I am a new user on this forum, please tell me how to attach these two files to this post.

(03 Jan '13, 21:58) kaushal

From Windows 7

0000 bc 30 5b e7 b6 7e 00 08 dc 15 ce e3 08 00 45 00
0010 04 1c 00 01 40 00 80 11 71 ed c0 a8 01 c8 c0 a8
0020 01 ca 00 08 1f 90 04 08 75 99 2c 99 10 02 40 9a
0030 10 02 92 9a 10 02 e0 9a 10 02 00 00 01 b0 f5 00
0040 00 01 b5 0c cf 00 00 01 00 00 00 01 20 08 d4 95
0050 88 00 ce 18 58 21 20 a0 c1 00 00 00 01 b6 28 30
0060 66 c2 72 bb bf 4a cb 51 3b 3e b3 96 4c 6f f8 55
0070 72 2f 24 a4 e9 52 d6 a4 a2 0b 7a 48 a6 d3 e5 99
0080 54 d5 57 15 f0 0c e7 67 4d ca 4f 27 09 88 9c 7d
0090 46 f6 cd fd 2a 78 ce 7c 15 bc 51 72 e2 9d e1 25
00a0 e2 2e 8a eb 47 75 11 6b 6a 41 5f 5c 4f 4a c8 86
00b0 49 cb bf cb 4a b4 5c f2 a1 e3 0e b6 8f 9b 66 e4
00c0 9a cb 72 9b 53 42 53 c3 df 0f 78 a5 81 25 5c 07
00d0 88 ff d5 98 2e 86 47 ed 0e eb 1b f8 8f 32 f3 7d
00e0 a1 df 81 81 60 f1 6b 7b 9b e2 df 5e ad d7 22 83
00f0 ce a4 f8 6c 18 c1 0c 47 55 70 72 97 ed b5 06 fb

From Fedora Core 5

0000 00 0f 20 74 8a 7e 00 08 dc 15 ce e3 08 00 45 00
0010 04 1c 00 01 40 00 80 11 72 75 c0 a8 01 c8 c0 a8
0020 01 42 00 08 1f 90 04 08 5f 67 04 3d d7 20 59 32
0030 20 04 81 34 20 05 25 34 20 05 c1 34 20 04 00 00
0040 03 61 ea 00 00 03 6a 19 9e 00 00 02 00 00 00 02
0050 40 11 a9 2b 10 01 9c 30 b0 42 41 41 82 00 00 00
0060 03 61 ea 00 00 03 6a 19 9e 00 00 02 00 00 00 02
0070 40 11 a9 2b 10 01 9c 30 b0 42 41 41 82 00 00 00
0080 03 6c 20 c5 e6 50 76 db 78 c9 57 ff 8b 20 da e1
0090 80 7e ac 18 39 6c 18 63 a1 2a 82 48 32 31 32 ff
00a0 69 f9 96 54 ae cb 60 c3 1d 09 48 6e ec 5c 73 f5
00b0 c1 53 a1 2a 5e 23 ba a3 51 2e 7a 76 b0 82 df 0a
00c0 bf a3 3d 79 46 af ec 2b fe 82 3b d5 bd 45 20 a0
00d0 db 5e fa 91 53 cb 47 b5 11 6e 82 3b fd ba 04 74

(04 Jan '13, 00:32) kaushal

Those two packets are totally different.

  • different destination IP address
  • different length
  • different content/payload

If you think they should be the same, can you please tell us how you generated them.

BTW: The timestamp is different too. So, this is either not a capture you did at the same time (in the VM and on the host), or there is a time difference between the two hosts. Can you please add information if you did the capture at the same time, and thus expected to see the same packet?

Regards
Kurt

(04 Jan '13, 00:46) Kurt Knochner ♦

The destination MAC addresses of those packets are also different (bc:30:5b:e7:b6:7e vs. 00:0f:20:74:8a:7e), as are the destination IP addresses, and most of the data in the UDP payload. Perhaps the program/machine that is sending those packets is sending different data to different destination machines. What is the program/machine that is sending them?

(04 Jan '13, 00:49) Guy Harris ♦♦
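
Added example (not posted by anyone in this thread): it decodes the Ethernet/IPv4/UDP headers of the two frames from the hex dumps above and lists the header fields that differ, then goes one step beyond the comparison made in the comments by testing whether one UDP payload contains a bit-shifted copy of the other. The frame bytes are copied from the posted dumps; the function names are illustrative.

```python
import struct
# Leading bytes of each frame, copied from the hex dumps posted in the thread.
WIN7 = bytes.fromhex(
    "bc305be7b67e0008dc15cee308004500041c00014000801171edc0a801c8c0a8"
    "01ca00081f90040875992c991002409a1002929a1002e09a1002000001b0f500"
    "0001b50ccf000001000000012008d4958800ce18582120a0c100000001b62830")
FC5 = bytes.fromhex(
    "000f20748a7e0008dc15cee308004500041c0001400080117275c0a801c8c0a8"
    "014200081f9004085f67043dd720593220048134200525342005c13420040000"
    "0361ea0000036a199e000002000000024011a92b10019c30b042414182000000"
    "0361ea0000036a199e00000200000002")

def parse(frame):
    """Decode Ethernet II / IPv4 / UDP headers; return (fields, udp_payload)."""
    udp = 14 + (frame[14] & 0x0F) * 4            # Ethernet header + IPv4 IHL
    sport, dport, ulen, ucsum = struct.unpack("!4H", frame[udp:udp + 8])
    fields = {
        "dst_mac": frame[0:6].hex(":"), "src_mac": frame[6:12].hex(":"),
        "ip_len": int.from_bytes(frame[16:18], "big"), "ip_csum": frame[24:26].hex(),
        "src_ip": ".".join(map(str, frame[26:30])),
        "dst_ip": ".".join(map(str, frame[30:34])),
        "sport": sport, "dport": dport, "udp_len": ulen, "udp_csum": f"{ucsum:04x}"}
    return fields, frame[udp + 8:]

def header_diff(a, b):
    """Names of the header fields whose values differ between two frames."""
    fa, fb = parse(a)[0], parse(b)[0]
    return sorted(k for k in fa if fa[k] != fb[k])

def shift_left(data, bits):
    """Shift the byte string left by `bits`, treating it as one big-endian bit stream."""
    n = (int.from_bytes(data, "big") << bits) & ((1 << 8 * len(data)) - 1)
    return n.to_bytes(len(data), "big")[:-1]     # last byte is incomplete, drop it

def find_alignment(ref, other):
    """Best (bit_shift, byte_offset, run): where `other` repeats the start of `ref`."""
    best = (0, 0, 0)
    for bits in range(8):
        s = shift_left(ref, bits)
        for off in range(len(other)):
            run = 0
            while run < min(len(s), len(other) - off) and s[run] == other[off + run]:
                run += 1
            if run > best[2]:
                best = (bits, off, run)
    return best

if __name__ == "__main__":
    print(header_diff(WIN7, FC5), find_alignment(parse(WIN7)[1], parse(FC5)[1]))
```

On the posted bytes, header_diff reports dst_ip, dst_mac, ip_csum and udp_csum, and find_alignment returns (1, 4, 51): 51 bytes of the Fedora payload, starting at offset 4, equal the start of the Windows payload shifted left by one bit.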

I have an MPEG4 Elementary Bit stream coming out of an MPEG-4 Encoder in UDP format, which I stream out to VLC Player.

I have full control of the encoder and of where to send this data. Initially I forwarded this data to the Windows 7 machine and simultaneously traced the data in Wireshark. I got the correct sequence, with the MPEG-4 header sequence, that is 0x2C991002, 0x409A1002, etc.

Then I do the same exercise targeting the Linux Fedora Core-5 machine, I mean I stream out my MPEG-4 Data sequence on linux machine and simultaneously trace this data in Wireshark, but I got a different sequence which always starts with 0x043d..., and this happens again and again.

Regards

Kaushal

(04 Jan '13, 01:21) kaushal

So is the sending machine running the MPEG-4 encoder and sending out the UDP packets? And, in both cases, is the same machine sending out the same stream? (You say "stream out my MPEG-4 Data sequence on linux machine" - does that mean that the sending machine is the "linux machine" there?) And is there any negotiation happening between the sending and receiving machine that might cause the encoder to send out a different stream?

(04 Jan '13, 01:41) Guy Harris ♦♦

The MPEG4 stream is sent by an MPEG4 Encoder Card running standalone; the sending unit is not a PC/machine, and it works on 100BaseT. The Linux machine also works at 100BaseT.

At the encoder end (video encoder card) auto-negotiation is not supported, but at the Linux (PC) end it is.

Regards

Kaushal

(04 Jan '13, 03:21) kaushal

He's talking about media session negotiation, not Ethernet negotiation.

If you can post the two captures to cloudshark.org that would be helpful.

(04 Jan '13, 04:32) Jaap ♦


-- The captures linked to in the comment in the previous answer are certainly different in detail.

That is: the UDP data for the main UDP stream begins as you indicate for each capture.

(The captures do, however, both have similar looking patterns of repeated bytes).

So, assuming that the captures are "equivalent" (e.g., that each conversation 'starts at the beginning'), it would seem that the MPEG4 may be somehow encoded differently in each case. I've no idea why.

(Note: Wireshark just shows the data as it is received on the wire. There's no issue of "linux based wireshark have[ing a] different data representation scheme".)

-- Based upon the timestamps & your description, each of the captures is of a different session.

Also (as you indicate) it seems that the data is being received by a VLC client on each system (first: Windows (on x86 32bit or 64bit); second: Fedora 5 on unknown architecture with an HP NIC).

My random comment knowing nothing about MPEG4 and etc.

Is there some kind of setup (protocol handshake or something) which must occur between VLC and the encoder before the MPEG4 streaming can begin?

If so, might there be something about the setup which controls how the data is sent?

(The captures don't show any setup, but they begin just before the streaming begins ...).

answered 06 Jan '13, 22:40

Bill Meier ♦♦

edited 06 Jan '13, 22:42

Hello There,

There is no handshaking as I am using the UDP protocol. The MPEG-4 Encoder is continuously transmitting the MPEG4 stream, and from time to time it inserts the sequence header "2c 99 10 02 40 9a..." for a standard player like VLC to understand the video sequence.

My setup is like:

MPEG-4 Encoder----->NETWORK----->WINDOWS-7--->WIRE-SHARK + VLC Player

VLC player plays the data, as Wireshark shows the correct sequence header.

MPEG-4 Encoder----->NETWORK----->FEDORA-5 --->WIRE-SHARK + VLC Player

Wireshark shows an incorrect sequence header.

Regards

Kaushal

(07 Jan '13, 22:32) kaushal

There is No hand Shaking as i am using UDP protocol....., MPEG-4 Encoder continuously transmitting MPEG4 stream

Continuously transmitting to a broadcast or multicast IP address, or continuously transmitting to one or more specified unicast IP addresses?

Obviously, it's not literally "continuous" since the Big Bang, so, if it's transmitting separately to one or more unicast addresses, the two transmissions didn't necessarily start at the exact same time; did you arrange that the MPEG-4 encoder started the transmission to the Windows machine and to the Linux machine at the exact same time?

(07 Jan '13, 23:40) Guy Harris ♦♦

MPEG-4 Encoder continuously transmitting MPEG4 stream

some questions:

  • what is the streaming protocol used?
  • How did you configure VLC to receive the MP4 stream (vlc parameters)?
  • what is the streaming server brand/product?
(08 Jan '13, 01:30) Kurt Knochner ♦


Hello There,

It is continuously transmitting to one machine having a specific IP address and port.

Before starting my encoder I have to decide where to stream my video data, either the Linux FC5 or the Windows 7 machine; it is not simultaneously transmitting to both machines.

As my VLC player did not play a continuous video stream on the Windows machine, I decided to stream this data to the Linux machine, but on the Linux machine I found there is no sequence header in the received UDP header. Every time I stream data to the Linux machine and trace this data through Wireshark, it shows 04 3d in the first UDP packet; it is supposed to be the sequence header, that is 2C991002, as in the case of Windows 7.

  1. Streaming protocol is UDP
  2. Media-->Open Network Stream: Select Protocol (UDP), IP (192.168.1.200) and Port (8080) & then Play.
  3. It's an Analog Device hardware which gives an MPEG-4 Elementary Stream

answered 08 Jan '13, 20:18

kaushal