Audio/video stream recording forums
|
Attention Visitor: |
You may have to register or log in before you can post:
|
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Advanced stream recording using WiresharkHello.
I have an IPTV device hooked up to my television and I'm curious to know where the streams are coming from. I was able to capture the raw packets from the IPTV device wirelessly using Pirni (for iPhone) and I have a lot of RTMPT traffic in the capture. Problem is I am not seeing enough information to be able to play the streams on my computer. I can see the "Connect" to their server. But the "Playpath" parameter seems to be encrypted. For example: I see a Connect to 'rtmp://91.232.136.6:1935/sedge' Then I see a Create Stream. Then a FCSubscribe with "String 'AKuOuDtzNHyvwotDemOEietAmj4OjchYtD1qxn1E4DOKf4JUl BNw5tfQE6QBWNoVxUyuWmW_vaM7VoP2SUK55CI7w7Pz6JOz5Cl afSjEK4MvHOX2l86ggumDKi7WOneCOr_Hd6N371WMojqhb7T4V 4b1mMq3FU8OJPEGhIKjbKI=' and finally the Play with String 'AKuOuDtzNHyvwotDemOEietAmj4OjchYtD1qxn1E4DOKf4JUl BNw5tfQE6QBWNoVxUyuWmW_vaM7VoP2SUK55CI7w7Pz6JOz5Cl afSjEK4MvHOX2l86ggumDKi7WOneCOr_Hd6N371WMojqhb7T4V 4b1mMq3FU8OJPEGhIKjbKI=' The "Play" string looks like the Playpath but it seems to be encrypted. When I drop this in rtmpdump I get the following: Code:
C:\rtmpdump>rtmpdump -r "rtmp://91.232.136.6:1935/sedge" -y "AKuOuDtzNHyvwotDemO EietAmj4OjchYtD1qxn1E4DOKf4JUlBNw5tfQE6QBWNoVxUyuWmW_vaM7VoP2SUK55CI7w7Pz6JOz5Cl afSjEK4MvHOX2l86ggumDKi7WOneCOr_Hd6N371WMojqhb7T4V4b1mMq3FU8OJPEGhIKjbKI=" -d "A KuOuDtzNHyvwotDemOEietAmj4OjchYtD1qxn1E4DOKf4JUlBNw5tfQE6QBWNoVxUyuWmW_vaM7VoP2S UK55CI7w7Pz6JOz5ClafSjEK4MvHOX2l86ggumDKi7WOneCOr_Hd6N371WMojqhb7T4V4b1mMq3FU8OJ PEGhIKjbKI=" -v -V | vlc - RTMPDump 2.4 git-6230845 2011-9-25 (c) 2010 Andrej Stepanchuk, Howard Chu, The Flvstreamer Team; license: GPL WARNING: You haven't specified an output file (-o filename), using stdout DEBUG: Protocol : RTMP DEBUG: Hostname : 91.232.136.6 DEBUG: Port : 1935 DEBUG: Playpath : AKuOuDtzNHyvwotDemOEietAmj4OjchYtD1qxn1E4DOKf4JUlBNw5tfQE6QBWN oVxUyuWmW_vaM7VoP2SUK55CI7w7Pz6JOz5ClafSjEK4MvHOX2l86ggumDKi7WOneCOr_Hd6N371WMoj qhb7T4V4b1mMq3FU8OJPEGhIKjbKI= DEBUG: tcUrl : rtmp://91.232.136.6:1935/sedge DEBUG: app : sedge DEBUG: subscribepath : AKuOuDtzNHyvwotDemOEietAmj4OjchYtD1qxn1E4DOKf4JUlBNw5tfQE 6QBWNoVxUyuWmW_vaM7VoP2SUK55CI7w7Pz6JOz5ClafSjEK4MvHOX2l86ggumDKi7WOneCOr_Hd6N37 1WMojqhb7T4V4b1mMq3FU8OJPEGhIKjbKI= DEBUG: live : yes DEBUG: timeout : 30 sec DEBUG: Setting buffer time to: 36000000ms Connecting ... DEBUG: RTMP_Connect1, ... connected, handshaking DEBUG: HandShake: Type Answer : 03 DEBUG: HandShake: Server Uptime : 96850052 DEBUG: HandShake: FMS Version : 3.0.1.1 DEBUG: HandShake: Handshaking finished.... DEBUG: RTMP_Connect1, handshaked DEBUG: Invoking connect INFO: Connected... DEBUG: HandleServerBW: server BW = 2500000 DEBUG: HandleClientBW: client BW = 2500000 2 DEBUG: HandleCtrl, received ctrl. type: 0, len: 6 DEBUG: HandleCtrl, Stream Begin 0 DEBUG: HandleChangeChunkSize, received: chunk size change to 4096 DEBUG: RTMP_ClientPacket, received: invoke 259 bytes DEBUG: (object begin) DEBUG: (object begin) DEBUG: Property: <Name: fmsVer, STRING: FMS/3,5,4,210> DEBUG: Property: <Name: capabilities, NUMBER: 31.00> DEBUG: Property: <Name: mode, NUMBER: 1.00> DEBUG: (object end) DEBUG: (object begin) DEBUG: Property: <Name: level, STRING: status> DEBUG: Property: <Name: code, STRING: NetConnection.Connect.Su ccess> DEBUG: Property: <Name: description, STRING: Connection succeeded.> DEBUG: Property: <Name: data, OBJECT> DEBUG: (object begin) DEBUG: Property: <Name: version, STRING: 3,5,4,210> DEBUG: (object end) DEBUG: Property: <Name: clientid, NUMBER: 499847536.00> DEBUG: Property: <Name: objectEncoding, NUMBER: 0.00> DEBUG: (object end) DEBUG: (object end) DEBUG: HandleInvoke, server invoking <_result> DEBUG: HandleInvoke, received result for method call <connect> DEBUG: sending ctrl. type: 0x0003 DEBUG: Invoking createStream DEBUG: FCSubscribe: AKuOuDtzNHyvwotDemOEietAmj4OjchYtD1qxn1E4DOKf4JUlBNw5tfQE6QB WNoVxUyuWmW_vaM7VoP2SUK55CI7w7Pz6JOz5ClafSjEK4MvHOX2l86ggumDKi7WOneCOr_Hd6N371WM ojqhb7T4V4b1mMq3FU8OJPEGhIKjbKI= DEBUG: Invoking FCSubscribe DEBUG: RTMP_ClientPacket, received: invoke 29 bytes DEBUG: (object begin) DEBUG: Property: NULL DEBUG: (object end) DEBUG: HandleInvoke, server invoking <_result> DEBUG: HandleInvoke, received result for method call <createStream> DEBUG: SendPlay, seekTime=0, stopTime=0, sending play: AKuOuDtzNHyvwotDemOEietAm j4OjchYtD1qxn1E4DOKf4JUlBNw5tfQE6QBWNoVxUyuWmW_vaM7VoP2SUK55CI7w7Pz6JOz5ClafSjEK 4MvHOX2l86ggumDKi7WOneCOr_Hd6N371WMojqhb7T4V4b1mMq3FU8OJPEGhIKjbKI= DEBUG: Invoking play DEBUG: sending ctrl. type: 0x0003 DEBUG: RTMP_ClientPacket, received: invoke 142 bytes DEBUG: (object begin) DEBUG: Property: NULL DEBUG: (object begin) DEBUG: Property: <Name: level, STRING: status> DEBUG: Property: <Name: code, STRING: NetStream.Play.Start> DEBUG: Property: <Name: description, STRING: FCSubscribe to stream no t-found.> DEBUG: Property: <Name: clientid, NUMBER: 499847536.00> DEBUG: (object end) DEBUG: (object end) DEBUG: HandleInvoke, server invoking <onFCSubscribe> DEBUG: RTMP_ClientPacket, received: invoke 194 bytes DEBUG: (object begin) DEBUG: Property: NULL DEBUG: (object begin) DEBUG: Property: <Name: level, STRING: status> DEBUG: Property: <Name: code, STRING: NetStream.Play.Unpublish Notify> DEBUG: Property: <Name: description, STRING: rtmp://eu-origin.zaaptv. com:1935/origin/_definst_/not-found is now unpublished.> DEBUG: Property: <Name: clientid, NUMBER: 499847536.00> DEBUG: (object end) DEBUG: (object end) DEBUG: HandleInvoke, server invoking <onStatus> DEBUG: HandleInvoke, onStatus: NetStream.Play.UnpublishNotify DEBUG: Invoking deleteStream DEBUG: Closing connection. What's interesting is the RTMPDUMP output is exposing the following (highlighted in blue above): rtmp://eu-origin.zaaptv.com:1935/origin/_definst_/not-found Any idea how I can get this FCSubscribe and the actual Playpath? I feel like I'm almost there, just need some help to finish the last mile. Thanks in advance. Last edited by avirex : 05-30-2012 at 04:16 PM. Reason: pictures |
Tags: rtmpdump wireshark sniffing |
Thread Tools | |
Display Modes | |
|
|