RTMPDumpHelper for Linux ? (or How To: Wireshark instead)

[jb721]

If somebody could write a simple command line utility for Linux that does what RTMPDumpHelper does for Windows (only for Linux), that would be super.

For some reason rtmpsuck and rtmpsrv haven't given me any output on the live streams that I want (maybe I'm doing it wrong but I'm pretty good at reading and following simple directions). It is possible to get all the rtmpdump command parameters needed from Wireshark, but it kinda sucks.

The following is the finished rtmpdump command with an explanation of where to get the info from Wireshark below (this works for me on Ubuntu Linux. Your mileage may vary):

Code:

rtmpdump -v -r "rtmp://178.162.211.231/zenex" -a "zenex" -f "LNX 17,0,0,134" -W http://www.zenexplayer.com/data/scripts/fplayer.swf" -p "http://www.zenexplayer.com/embedplayer/sfsdfsdfsfs/1/600/400" -C S:OK -y "sfsdfsdfsfs?id=14943" -K "goVideStambolSoseBardovci" -o "/home/jb/New/The.Five.`date +%Y.%m.%d`.flv" -B 3660

-v (or --live) use one of these options for live broadcasts
-r "rtmp://x.x.x.x/something" (tcUrl) from Handshake C2 Connect (more on this below)
-a "app" (app) from Handshake C2 Connect
-f "LNX 17,0,0,134" (flashVer) from Handshake C2 Connect
-W "http://site.com/player.swf" (swfUrl) from Handshake C2 Connect
-p "http://site.com/600/400" (pageUrl) from Handshake C2 Connect
-C S:OK I assume "OK" AMF0 string (after C2 AMF0 object inside the Handshake C2 Connect)
-y "blahblah?id=12345" from "play" AMF3 command
-K "somebullspit" typically from the first AMF3 command
-o "[/path/to/]filename.flv" output file name
-B 3600 length of time to record in seconds

You'll have to expand several levels inside the packet in Wireshark to get the info you want:


Handshake C2 Connect: apply Wireshark filter rtmpt.handshake.c2 and get down into the 'connect' body's object (as seen in image above).

AMF3 Command: apply Wireshark filter rtmpt.header.typeid == 0x11 The first one contain's your -K parameter. The play('something') contains your -y parameter.

There are plenty of Wireshark guides out there but all you really need to know is that the fastest way to get started is to install Wireshark, open a terminal, run dumpcap as root on whatever interface you're using (on my laptop's WiFi interface, I would use sudo dumpcap -i wlan0) then go to your web browser and start the stream that you want, let the video start, then go back to the terminal window and ^C (CTRL+C) to stop dumpcap. You have to change the owner of the file that dumpcap created from root to your user (sudo chown your-username /tmp/wireshark_something...). Then run Wireshark and open the file that dumpcap created (typically /tmp/wireshark_pcapng_wlan0_...).

Bonus:

Code:

-o "/path/to/MyShow.`date +%Y.%m.%d`.flv"

will create /path/to/MyShow.2015.03.30.flv with a handy date stamp in the file name. I like this because I set up a crontab to record a show every weekday (like a ghetto DVR).

Happy Wiresharking