Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Wireshark-dev: [Wireshark-dev] New dissector for RTMPT

Date Index Thread Index Other Months All Mailing Lists

Date Prev Date Next Thread Prev Thread Next

From: metatech <metatech@xxxxxxxxxxxxx>
Date: Sun, 02 Dec 2007 21:20:30 +0100

Hello,

Here is a dissector for the Real Time Messaging Protocol which is used bythe Flash plug-in for the live video streaming with the Adobe FlashCommunication Server.As a dissector for another protocol named "RTMP" already exists inWireshark (AppleTalk protocol) , I took an alternate name for mine (RTMPT).Since the protocol does not have "magic" words but rather has "magic"offsets, I added a field in the private_data passed by the TCP dissectorfor the "ack" sequence number.The RTMP protocol has been extensively reverse engineered by the Red5project but this dissector only has a basic subset of the protocol.

The patch is generated against trunk version of today with the diff command.

I have uploaded in the Wiki a sample of an RTMP conversation(http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=rtmp_sample.tgz)and I ran more than 1100 runs of fuzz testing.

Please commit it.

Regards,

metatech

Attachment: packet-rtmpt-patch.tgz
Description: application/compressed

Follow-Ups:
- Re: [Wireshark-dev] New dissector for RTMPT
  - From: Jeff Morriss

Prev by Date: [Wireshark-dev] Compilation failure: cannot open include file: 'hmac.h' (packet-isakmp.c) / 'des.h' (packet-kerberos.c)
Next by Date: Re: [Wireshark-dev] Filtering using DHCP and SSDP throws error
Previous by thread: Re: [Wireshark-dev] Compilation failure: cannot open include file: 'hmac.h' (packet-isakmp.c) / 'des.h' (packet-kerberos.c)
Next by thread: Re: [Wireshark-dev] New dissector for RTMPT
Index(es):
- Date
- Thread