Advanced stream recording using WiresharkHello.
I have an IPTV device hooked up to my television and I'm curious to know where the streams are coming from. I was able to capture the raw packets from the IPTV device wirelessly using Pirni (for iPhone) and I have a lot of RTMPT traffic in the capture. Problem is I am not seeing enough information to be able to play the streams on my computer. I can see the "Connect" to their server. But the "Playpath" parameter seems to be encrypted. For example: I see a Connect to 'rtmp://91.232.136.6:1935/sedge' ![]() Then I see a Create Stream. ![]() Then a FCSubscribe with "String 'AKuOuDtzNHyvwotDemOEietAmj4OjchYtD1qxn1E4DOKf4JUl BNw5tfQE6QBWNoVxUyuWmW_vaM7VoP2SUK55CI7w7Pz6JOz5Cl afSjEK4MvHOX2l86ggumDKi7WOneCOr_Hd6N371WMojqhb7T4V 4b1mMq3FU8OJPEGhIKjbKI=' ![]() and finally the Play with String 'AKuOuDtzNHyvwotDemOEietAmj4OjchYtD1qxn1E4DOKf4JUl BNw5tfQE6QBWNoVxUyuWmW_vaM7VoP2SUK55CI7w7Pz6JOz5Cl afSjEK4MvHOX2l86ggumDKi7WOneCOr_Hd6N371WMojqhb7T4V 4b1mMq3FU8OJPEGhIKjbKI=' ![]() The "Play" string looks like the Playpath but it seems to be encrypted. When I drop this in rtmpdump I get the following: Code:
C:\rtmpdump>rtmpdump -r "rtmp://91.232.136.6:1935/sedge" -y "AKuOuDtzNHyvwotDemO What's interesting is the RTMPDUMP output is exposing the following (highlighted in blue above): rtmp://eu-origin.zaaptv.com:1935/origin/_definst_/not-found Any idea how I can get this FCSubscribe and the actual Playpath? I feel like I'm almost there, just need some help to finish the last mile. Thanks in advance. |
Re: Advanced stream recording using WiresharkWhen I did a search for this rtmp server in blue above I came across another post on this forum and the guy found the following:
rtmp://eu-origin.zaaptv.com:1935/origin/_definst_/mux-udp-388 Ok now forgetting everything above, when I try rtmpdump for just this stream it WORKS but only plays for a few seconds. Here is the output: Code:
C:\rtmpdump>rtmpdump -r "rtmp://eu-origin.zaaptv.com:1935/origin/_definst_/mux-u Any thoughts on how to make it play consistently? Ideas? |
Re: Advanced stream recording using WiresharkQuote:
|
Re: Advanced stream recording using WiresharkQuote:
Sure. Again the stream is right here: rtmp://eu-origin.zaaptv.com:1935/origin/_definst_/mux-udp-388 Here is another: rtmp://us-origin.zaaptv.com:1935/origin/_definst_/mux-udp-144 This is from an IPTV set-top-box. So there is no website to speak of. The previous post was describing my efforts to try to capture streams from the set-top-box by inspecting a wireshark trace manually. It appears the stream is encrypted. So again, in that instance I have no website or stream to speak of (yet). Thanks for your help. |
Re: Advanced stream recording using WiresharkQuote:
Normally if you were using a computer with Firefox the handshake is captured in the RAM, under the process plugin-container.exe. From there you can dump the memory of that process using ProcDump. It creates a file called plugin-container.dmp. This file contains a capture of the process memory, which in turn includes the RTMP handshake as well as first part of the video. You cannot capture the video data because it is encrypted, but you can capture the handshake, which is in plain text. From the file you could do a simple grep command Code:
grep swf plugin-container.dmp |
Re: Advanced stream recording using WiresharkQuote:
Hi Steven. I have the "handshake" from the network trace, and these are RTMP packets. There is "Handshake C2" and "Handshake C0+C1". Is that going to help? ![]() ![]() |
Re: Advanced stream recording using WiresharkQuote:
in a file, so that it can be parsed. |
Re: Advanced stream recording using WiresharkHello Professionals
How can i hooked my IPTV to pc I got 2usb Slot Network Slot HDMI slot i tired with wireshark but nö sucess |
louis vuitton handbagshttp://www.ladiesreplicahandbags.com/ replica lv handbags
|
Re: louis vuitton handbagswhat is replica lv handbags ???
|
All times are GMT -6. The time now is 09:29 PM. |