On 12/3/07,
maurizio simoni <
mau2000.sim@xxxxxxxxx> wrote:
MPEG2TS can be also detected in a heuristic way if transported over UDP.
These are some rules that can be applied:
1) UDP payload length must be a multiple of 188 (usually a UDP packet contains an integer number of TS packets, where each TS packet is 188 bytes).
2) The first octet of each TS packet inside the UDP payload must be equal to 0x47 (sync byte)
3) At least 2 or 3 consecutives UDP packets satisfying rules 1) and 2) onthe same IP address and UDP port.
I see heuristic detection of MPEGTS as a Step 2 of this process.
In the meantime I have no problem manually instructing Wireshark to Decode As... but the question remains - how to have Wireshark dissect MPEGTS payloads in UDP encapsulated streams? Nobody has answered this question. MPEGTS is not in the list of available dissectors though it works "out of the box" on RTP encapsulated streams.
--
-jp
Chuck Norris once went on Celebrity Jeopardy and answered, "Who is Chuck Norris?" to every question. It was the first and only time in Jeopardy history that a contestant answered every single question right.
