[Solved] How to translate Wireshark info into rtmpdump command?

[NobodyHere]

Hello.

I"m running Linux, and I'm using Wireshark to find the info on certain video streams. A waaaaays back, I had done this by pausing & playing the video while looking for the RTMP invoke message.

Now that I've found the appropriate info in the 'follow TCP packet' screen, I can't remember how to input this into rtmpdump.

Could someone show me an example of how to enter the commands found by Wireshark into rtmpdump from say this video?

http://www.viki.com/channels/5453-killer-k/videos/51483

This is one of the videos I had successfully dumped about a year back using this method. All I did to download the 480p version was switch "5837_KillerK_002_360p.mp4" to "5837_KillerK_002_480p.mp4".

Because I had only done the procedure once or twice, I'm unable to remember exactly how I got the overall parameters right.

Any help would be appreciated.

[NobodyHere]

Okay.

1. I started Wireshark.
2. Under Start, I selected my capture interface (eth0 for myself)
3. In the "Filter" field/box, I typed "rtmpt", and hit enter. You may need to use "rtmp", or "rtmpe" instead.
4. Went to my web browser, and started playing the video. I paused, and resumed, it several times.
5. I found those instances of the video being played, or paused, under the "Info" column on Wireshark. For this example, I used a "pauseRaw ()" event under the "Info" section.
6. I right clicked on that event, and chose "Follow TCP Stream".
7. I did a "Find" search in the "Follow TCP Stream" output window for "rtmp", or "play". It took me to the relevant section here.

Quote:

"................connect.?..........app...0035 4A/videos/encoded/KillerK..flashVer...LNX 11,2,202,238..swfUrl..Ohttp://a2.vikiassets.com/assets./vikiplayer-e61eac67f28f27fdf570431ec48ac230.swf..tcUrl..=rtmp ://fms.354a.edgecastcdn.net/00354A/videos/encoded/KillerK..fpad.....capabilities.@m........audioCode cs.@.........videoCodecs.@o.......
videoFunction.?.........pageUrl..@http://www.viki.com/channe.ls/5453-killer-k/videos/51483?id=51483..objectEncoding.@.................. .....&%..............&%................ ................_result.?..........fmsVer..
FMS/4,5,2,517..capabilities.@o........mode.?.......... ...level...status..code...NetConnection.Connect.Su ccess..description...Connection succeeded...objectEncoding.@.........data.......ve rsion...4,5,2,517.........
.........&%................onBWDone..........C.+0. .......createStream.@........B.....
.........................._result.@.........?..... ....+B..D.........play.............mp4:5837_Killer K_002_360p.mp4............@....................... ......................... ..................................onStatus........ .....level...status..code...NetStream.Play.Reset.. description..0Playing and resetting

8. Here is the code I used to successfully download the video. You can compare it to the above output to see what I used.

Quote:

rtmpdump -r rtmp://fms.354a.edgecastcdn.net/00354A/videos/encoded/KillerK -p 'http://www.viki.com/channe.ls/5453-killer-k/videos/51483?id=51483' -y mp4:5837_KillerK_002_360p.mp4 -a 00354A/videos/encoded/KillerK -f 'LNX 11,2,202,238' -s http://a2.vikiassets.com/assets./vik...1ec48ac230.swf -o /run/media/root/5837_KillerK_002_360p.mp4.flv

The only thing I did differently than what the man pages marked the parameters for was use the tcURL rtmp link with the "-r" parameter instead of the "-t" parameter.

Quote:

NAME
rtmpdump - RTMP streaming media client

SYNOPSIS
rtmpdump -r url [-n hostname] [-c port] [-l protocol] [-S hostort]
[-a app] [-t tcUrl] [-p pageUrl] [-s swfUrl] [-f flashVer] [-u auth]
[-C conndata] [-y playpath] [-Y] [-v] [-d subscription] [-e] [-k skip]
[-A start] [-B stop] [-b buffer] [-m timeout] [-T key] [-j JSON]
[-w swfHash] [-x swfSize] [-W swfUrl] [-X swfAge] [-o output] [-#] [-q]
[-V] [-z]
rtmpdump -h

BTW - You can simply switch out the 360p with 480p in the file-name. This doesn't work on some sites where video has multiple resolutions.

[svnpenn]

Easier

Code:

$ rtmp-host.sh
Killed flash player for clean dump.
Restart video then press enter here

127.0.0.1 fms.354a.edgecastcdn.net
127.0.0.1 s3w2wjf1m963j4.cloudfront.net
127.0.0.1 viikiifvs.cdnetworks.net
Press enter to start RtmpSrv, then restart video.

RTMP Server v2.4-41-g7bae82a
(c) 2010 Andrej Stepanchuk, Howard Chu; license: GPL

Streaming on rtmp://0.0.0.0:1935
WARNING: Trying different position for client digest!
Closing connection... done!

RTMPDump v2.4-41-g7bae82a
(c) 2010 Andrej Stepanchuk, Howard Chu, The Flvstreamer Team; license: GPL
0
8
Exiting
rtmpdump -r "rtmp://fms.354a.edgecastcdn.net/00354A/videos/encoded/KillerK" -a "
00354A/videos/encoded/KillerK" -f "WIN 11,3,300,257" -W "http://a2.vikiassets.co
m/assets/vikiplayer-e61eac67f28f27fdf570431ec48ac230.swf" -p "http://www.viki.co
m/channels/5453-killer-k/videos/51483" -y "mp4:5837_KillerK_002_360p.mp4" -o mp4
_5837_KillerK_002_360p.flv
RTMPDump v2.4-41-g7bae82a
(c) 2010 Andrej Stepanchuk, Howard Chu, The Flvstreamer Team; license: GPL
Connecting ...
INFO: Connected...
Starting download at: 0.000 kB
INFO: Metadata:
INFO:   duration              4046.49
INFO:   moovPosition          32.00
INFO:   width                 640.00
INFO:   height                360.00
INFO:   videocodecid          avc1
INFO:   audiocodecid          mp4a
INFO:   avcprofile            66.00
INFO:   avclevel              30.00
INFO:   aacaot                2.00
INFO:   videoframerate        29.97
INFO:   audiosamplerate       48000.00
INFO:   audiochannels         2.00
INFO: trackinfo:
INFO:   length                121391270.00
INFO:   timescale             30000.00
INFO:   language              und
INFO: sampledescription:
INFO:   sampletype            avc1
INFO:   length                194231296.00
INFO:   timescale             48000.00
INFO:   language              und
INFO: sampledescription:
INFO:   sampletype            mp4a
1152.627 kB / 8.04 sec (0.1%)

[NobodyHere]

Does your script work in Linux yet? Also it'd be nice if it could just dump the required command to a text, or the terminal/console, for manual copy-pasting. Like I mentioned above, you can switch the 360 with 480 in the file name.

With the exception of your modem/device being supported, this Wireshark method should also work consistently across Windows, and Linux platforms.

I don't believe current Windows OSes can capture from USB 3G/4G (dongle) modems. I actually use one, so I can confirm that Windows 7 doesn't. It works fine from Linux.

[tempy]

Bro. Use Mediabox, it runs portably, run it first then head to the site, pop up will show as soon as you hit play, click it then right click, download by blader, boom. No need to use rtmpdump for these type of soft flash protocols. rtmpdump is only useful for the latest hard a** streams lately which I have been struggling.

[evol]

MediaBox is built round RTMPDump just like there other program Coojah 6.

[tempy]

Yea, I figured. Seems to me that there's a new wave of algorithms rolling out from Ooyala. Tough stuff recently.