Wireshark doesnt' recognises RTMP streams

tcp streaming red5 rtmp wireshark
Andrew picture Andrew · May 11, 2010 · Viewed 16.9k times · Source

I found on the web few samples on tracking RTMP (Real Time Messaging Protocol) with Wireshark, but it doesn't work for me. All RTMPT packets rendered as basic TCP packet like this:

149 14.324999   85.115.xxx.xxx  192.168.1.20    TCP macromedia-fcs > 54557 [ACK] Seq=1 Ack=1452 Win=69 Len=0

I'm using Wireshark 1.2.8 with all protocols installed on Windows Vista.

What can i do to fix it?

Thx!

Answer

Christian Garbin picture Christian Garbin · May 11, 2010

WireShark relies on a few heuristics to decide how to decode a stream. One of them is the port number.

The first item to check: is the RTMP using the standard port 1935 in this capture? If not, tell WireShark how to decode it (see last step below).

The second item to check: turn on heuristics Edit → Preferences → Protocols → TCP → Try heuristic sub-dissectors first.

If all else fails, brute force: right-click one of the packets → Decode As... → RTMP.

Related questions

How to force stream RTP video with vlc over tcp protocol?

I'm trying to stream a video via rtp with vlc, the default protocol is UDP, but its performance is very low (bitrate, resolution, smooth,..) So, I want to use vlc with rtp to stream video over tcp protocol to gain …

Read More
Netcat streaming using UDP

I can get netcat to stream a video using TCP {server} cat [movie].avi | nc [client ip address] 65535 {client} nc -l -p 65535 | mplayer - i have tried using the -u command to send via UDP but this doesn't work {server} …

Read More
How can I connect to Android with ADB over TCP?

I am attempting to debug an application on a Motorola Droid, but I am having some difficulty connecting to the device via USB. My development server is a Windows 7 64-bit VM running in Hyper-V, and so I cannot connect directly …

Read More