Wireshark-users: Re: [Wireshark-users] Decoding H.264 stream using Wireshark

From: Anirud <cuteanirud@xxxxxxxxx>
Date: Tue, 20 Jul 2010 10:14:13 -0400
Thanks Jaap. I was able to write some basic dissections for H.264 and
see that the basics work just fine for me. I couldn't get all of the
NALs to parse and display correct trees but I gave up after that.
Now I want to extract the stream and I will post separately for that.

Gaurav

On Mon, Jul 19, 2010 at 3:46 PM, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:
> Hi,
>
> If you look a bit further down in the source code, in dissect_h264(),
> you'll see that the dissector handles only a subset of packet types.
> STAP-A (24) is not among them. That's why dissections end there.
>
> Thanks,
> Jaap
>
> On 07/19/2010 09:17 PM, Anirud wrote:
>> Hi all,
>>
>> A newbie question here. I have been using Wireshark for only a couple
>> of days now.  I downloaded the binary 1.2.9 for Windows and managed to
>> capture a few transport packets - UDP containing RTP.  The
>> conversation uses H.264 video bitstream.
>>
>> I instructed Wireshark to "Decode As" ->  "Transport UDP source port(s)
>> as" RTP.  I saw that the payload-type is DynamicRTP-Type-96 so then in
>> the Edit->Preferences-Protocols-H264, I selected the payload type as
>> 96.
>>
>> This really helped me and I could see the packet headers and even the
>> payload.  However, I am unable to dissect the H264 bitstream.
>> Wireshark shows something like the following and doesn't go inside the "H264
>> bitstream".  I downloaded the source for Wireshark and found
>> wireshark-1.2.9/epan/dissectors/packet-h264.c which suggests that I
>> should be able to see the syntax elements and various other fields as
>> well.
>>
>> Obviously, I am doing something wrong and/or stupid.  Please advise.
>> Any pointers greatly appreciated.
>> Thanks and regards,
>> Anirud
>> --------- One selected packet was exported to text file as follows --------
>>
>> Real-Time Transport Protocol
>>      10.. .... = Version: RFC 1889 Version (2)
>>      ..0. .... = Padding: False
>>      ...1 .... = Extension: True
>>      .... 0000 = Contributing source identifiers count: 0
>>      0... .... = Marker: False
>>      Payload type: DynamicRTP-Type-96 (96)
>>      Sequence number: 35525
>>      Timestamp: 2966614680
>>      Synchronization Source identifier: 0x00000001 (1)
>>      Defined by profile: 48862
>>      Extension length: 3
>>      Header extensions
>>          Header extension: 1711276032
>>          Header extension: 2615214809
>>          Header extension: 1912602625
>> H.264
>>      NAL unit header or first byte of the payload
>>          0... .... = F bit: No bit errors or other syntax violations
>>          .01. .... = Nal_ref_idc (NRI): 1
>>          ...1 1000 = Type: STAP-A (24)
>>      H264 bitstream
>
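The exported packet stops at "Type: STAP-A (24)" because, as the reply says, dissect_h264() in 1.2.9 does not handle that packet type. As an added example (not part of the thread and not Wireshark's code), the C function below splits a STAP-A payload into its aggregated NAL units using the RFC 6184 layout of one STAP-A header byte followed by repeated 16-bit size plus NAL unit pairs, rejecting any size field that would read past the buffer. The names `stap_a_split`, `struct nalu` and `sample_payload` are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define H264_TYPE_STAP_A 24            /* "Type: STAP-A (24)" in the export */

struct nalu { uint8_t type, nri; size_t off, len; };   /* hypothetical type */

/* Constructed sample: STAP-A header (F=0, NRI=1, type 24), then two
 * size-prefixed NAL units (type 7, 4 bytes; type 8, 2 bytes). */
static const uint8_t sample_payload[] = {
    0x38, 0x00, 0x04, 0x67, 0x42, 0x00, 0x1e, 0x00, 0x02, 0x68, 0xce
};

/* Split a STAP-A RTP payload into its aggregated NAL units. Returns the
 * number of units stored in out[], or -1 if the payload is not STAP-A, a
 * size field is truncated, empty or runs past the buffer, or out[] is full. */
int stap_a_split(const uint8_t *p, size_t n, struct nalu *out, int max)
{
    size_t pos = 1;                    /* skip the STAP-A NAL header byte */
    int count = 0;
    if (n < 1 || (p[0] & 0x1f) != H264_TYPE_STAP_A)
        return -1;
    while (pos < n) {
        size_t len;
        if (n - pos < 2)               /* truncated 16-bit size field */
            return -1;
        len = ((size_t)p[pos] << 8) | p[pos + 1];   /* network byte order */
        pos += 2;
        if (len == 0 || len > n - pos || count == max)
            return -1;
        out[count].type = p[pos] & 0x1f;            /* inner NAL unit type */
        out[count].nri = (p[pos] >> 5) & 0x03;
        out[count].off = pos;                       /* offset of NAL header */
        out[count].len = len;
        count++;
        pos += len;
    }
    return count;
}

int main(void)
{
    struct nalu u[8];
    int i, k = stap_a_split(sample_payload, sizeof sample_payload, u, 8);
    for (i = 0; i < k; i++)
        printf("type %d nri %d off %zu len %zu\n", u[i].type, u[i].nri, u[i].off, u[i].len);
    return k < 0;
}
```

Each returned offset and length identifies one complete NAL unit inside the payload, which is the unit a per-NAL dissector or stream extractor would then process.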