Wireshark
the world's foremost network protocol analyzer
Wireshark-users: Re: [Wireshark-users] MPEG2TS over UPD not decoded
From: "Jake Peavy" <djstunks@xxxxxxxxx>
Date: Mon, 3 Dec 2007 14:45:59 -0700
On 12/3/07, maurizio simoni <mau2000.sim@xxxxxxxxx> wrote:
MPEG2TS can be also detected in a heuristic way if transported over UDP.
These are some rules that can be applied:
1) UDP payload length must be a multiple of 188 (usually a UDP packet contains an integer number of TS packets, where each TS packet is 188 bytes).
2) The first octet of each TS packet inside the UDP payload must be equal to 0x47 (sync byte)
3) At least 2 or 3 consecutives UDP packets satisfying rules 1) and 2) onthe same IP address and UDP port.
I see heuristic detection of MPEGTS as a Step 2 of this process.
In the meantime I have no problem manually instructing Wireshark to Decode As... but the question remains - how to have Wireshark dissect MPEGTS payloads in UDP encapsulated streams? Nobody has answered this question. MPEGTS is not in the list of available dissectors though it works "out of the box" on RTP encapsulated streams.
--
-jp
Chuck Norris once went on Celebrity Jeopardy and answered, "Who is Chuck Norris?" to every question. It was the first and only time in Jeopardy history that a contestant answered every single question right.
- Follow-Ups:
- Re: [Wireshark-users] MPEG2TS over UPD not decoded
- From: Jaap Keuter
- Re: [Wireshark-users] MPEG2TS over UPD not decoded
- References:
- Re: [Wireshark-users] MPEG2TS over UPD not decoded
- From: maurizio simoni
- Re: [Wireshark-users] MPEG2TS over UPD not decoded
- Prev by Date: [Wireshark-users] IEEE 802.11 wpa-pwd seems to break if I add a time reference (using 0.99.6)
- Next by Date: Re: [Wireshark-users] docsis problems
- Previous by thread: Re: [Wireshark-users] MPEG2TS over UPD not decoded
- Next by thread: Re: [Wireshark-users] MPEG2TS over UPD not decoded
- Index(es):