Audio/video stream recording forums

Attention Visitor:
You may have to register or log in before you can post:
  • Click the register link to sign up.
  • Registered members please fill in the form below and click the "Log in" button.
To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Audio/video stream recording forums > Streaming media recording forum > Video stream recording
Register FAQ Members List Calendar Mark Forums Read

Reply Post New Thread
 
Thread Tools Display Modes
  #1  
Old 02-23-2010, 05:16 AM
carmelo42 carmelo42 is offline
Junior Member
 
Join Date: Feb 2010
Posts: 14
carmelo42 is on a distinguished road
Default

need help with rtmpsuck : iptables


Hello,

So I have the great rtmpsuck on my hardrive.

In the readme file :

Quote:
rtmpsuck - proxy server. See below...

All you need to do is redirect your Flash clients to the machine running this
server and it will dump out all the connect / play parameters that the Flash
client sent. The simplest way to cause the redirect is by editing /etc/hosts
when you know the hostname of the RTMP server, and point it to localhost while
running rtmpsrv on your machine. (This approach should work on any OS; on
Windows you would edit %SystemRoot%\system32\drivers\etc\hosts.)

On Linux you can also use iptables to redirect all outbound RTMP traffic. You
need to be running as root in order to use the iptables command.

In my original plan I would have the transparent proxy running as a special
user (e.g. user "proxy"), and regular Flash clients running as any other user.
In that case the proxy would make the connection to the real RTMP server. The
iptables rule would look like this:

iptables -t nat -A OUTPUT -p tcp --dport 1935 -m owner \! --uid-owner proxy \
-j REDIRECT

A rule like the above will be needed to use rtmpsuck. Note that you should
replace "proxy" in the above command with an account that actually exists
on your machine.

Using it in this mode takes advantage of the Linux support for IP redirects;
in particular it uses a special getsockopt() call to retrieve the original
destination address of the connection. That way the proxy can create the
real outbound connection without any other help from the user. The equivalent
functionality may exist on other OSs but needs more investigation.

(Based on reading the BSD ipfw manpage, this rule ought to work on BSD:

ipfw add 40 fwd 127.0.0.1,1935 tcp from any to any 1935 not uid proxy

Some confirmation from any BSD users would be nice.)

(We have a solution for Windows based on a TDI driver; this is known to
work on Win2K and WinXP but is assumed to not work on Vista or Win7 as the
TDI is no longer used on those OS versions. Also, none of the known
solutions are available as freeware.)

The rtmpsuck command has only one option: "-z" to turn on debug logging.
It listens on port 1935 for RTMP sessions, but you can also redirect other
ports to it as needed (read the iptables docs). It first performs an RTMP
handshake with the client, then waits for the client to send a connect
request. It parses and prints the connect parameters, then makes an
outbound connection to the real RTMP server. It performs an RTMP handshake
with that server, forwards the connect request, and from that point on it
just relays packets back and forth between the two endpoints.

It also checks for a few packets that it treats specially: a play packet
from the client will get parsed so that the playpath can be displayed. It
also handles SWF Verification requests from the server, without forwarding
them to the client. (There would be no point, since the response is tied to
each session's handshake.)

Once the play command is processed, all subsequent audio/video data received
from the server will be written to a file, as well as being delivered back
to the client.

The point of all this, instead of just using a sniffer, is that since rtmpsuck
has performed real handshakes with both the client and the server, it can
negotiate whatever encryption keys are needed and so record the unencrypted
data.
So I understood I have to do something with iptables ...
But I don't now how modify this line :

iptables -t nat -A OUTPUT -p tcp --dport 1935 -m owner \! --uid-owner proxy \
-j REDIRECT

I have set up a linux boxes (ubuntu) to get it working (since my main box is with mac os x)

Can someone help me ?
Thanks !

Carmelo
Reply With Quote
  #2  
Old 03-04-2010, 09:53 AM
hyc hyc is offline
RTMPdump team
 
Join Date: Dec 2009
Posts: 169
hyc will become famous soon enoughhyc will become famous soon enough
Default

Re: need help with rtmpsuck : iptables


Since you're originally using MacOSX, just use the ipfw example, not the iptables example.
Reply With Quote
Reply Post New Thread
Tags: , , ,



Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -6. The time now is 10:52 PM.


Powered by All-streaming-media.com; 2006-2011
vB forum hacked with Zoints add-ons