Wireshark
the world's foremost network protocol analyzer
Wireshark-users: Re: [Wireshark-users] .mp3 decode?
From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Tue, 08 Jul 2008 16:39:21 -0400
Malcolm Herbert wrote:
Actually I'm interested in looking at the MPEG stream for an audio streaming project I'm working on - using a tool like wireshark which is built for packet inspection is a great bonus ... :) I had another shot at opening an MP3 file this morning from my Windows host at work using 1.0.0 that I installed yesterday but I get the same response - although I specify the file type to be 'MPEG (*.mpeg;*.mpg;*.mp3)' the 'Format:' field says that WireShark is detecting the file as an 'I4B ISDN trace'. Other MP3 files I have aredetected as 'CSIDS IPlog' ...In both cases the decoded packet traces are a hash of bizarrely brokenprotocols and packet fragments ...Any thoughts?
Sounds like either the MP3 or those other wiretap modules' (or both) heuristics are broken, er, not good enough.
I tried with some MP3s I had here and, sure enough, a lot of them showed up as "I4B ISDN trace". That wiretap module has a fairly limited heuristic check which could probably be improved. I'd suggest you open a bug to track the problem.
(OTOH that module hasn't been updated substantially since 1999 and there aren't any sample captures on the Wiki. Oh, OK, I did find one here: http://ethereal.netmirror.org/lists/ethereal-dev/199912/msg00248.html )
- Follow-Ups:
- Re: [Wireshark-users] .mp3 decode?
- From: Jeff Morriss
- Re: [Wireshark-users] .mp3 decode?
- Prev by Date: Re: [Wireshark-users] MTP2 HSL Capture filtering
- Next by Date: [Wireshark-users] GUI Version of Wireshark on RHEL4
- Previous by thread: Re: [Wireshark-users] Capturing TCP Retransmissions
- Next by thread: Re: [Wireshark-users] .mp3 decode?
- Index(es):