Wireshark does not recognize RTMP streams

Question

Wireshark does not recognize RTMP streams

I found several examples of RTMP (Real Time Messaging Protocol) snooping with Wireshark on the Internet, but this does not work for me. All RTMPT packets presented as the main TCP packet are as follows:

149 14.324999 85.115.xxx.xxx 192.168.1.20 TCP macromedia-fcs > 54557 [ACK] Seq=1 Ack=1452 Win=69 Len=0

I am using Wireshark 1.2.8 with all protocols installed in Windows Vista.

What can I do to fix this?

thanks!

+7

wireshark tcp streaming rtmp red5

Andrew May 11 '10 at 11:00

source share

1 answer

chr · Accepted Answer · 2010-05-11T11:30:10+0000

WireShark relies on several heuristics to decide how to decode a stream. One of them is the port number.

First element to check: is there RTMP using the standard 1935 port in this capture? If not, tell WireShark how to decode it (see Last Step below).

The second element to check: enable heuristic Edit → Preferences → Protocols → TCP → First try heuristic sub-dissectors .

If all else fails, brute force: right-click one of the packages → Decode As ... → RTMP .

Wireshark does not recognize RTMP streams

More articles: