Wireshark-users: Re: [Wireshark-users] capturing msn web cam traffic with wireshark.
On Apr 18, 2007, at 6:43 PM, Wonkyun*^^* Lee wrote:
> but I cannot capture any of these things with msn messenger video
> conversation, is it b/c it's encrypted?
> all I see was just 'udp' protocol saying nothing..

That doesn't necessarily mean you can't *capture* them. It could just
mean that Wireshark can't *dissect* them; it might have no dissector
for whatever protocol MSN Messenger is using, or it might not
recognize the traffic as being MSN Messenger video traffic.
According to this page:
http://www.hypothetic.org/docs/msn/client/invitation_types.php
the protocol it uses is RTP, for which Wireshark has a dissector.
However, RTP doesn't have a standard port number, so Wireshark can't
recognize RTP traffic based on the UDP port number; it would either
have to be told that a particular session is RTP traffic, or look at
the packet and try to guess whether it's RTP traffic or not.
To tell Wireshark that traffic to or from a particular port is RTP
traffic, select one of the UDP packets by clicking on it, and then
select "Decode As..." from the "Analyze" menu. Tell it to dissect
traffic to or from one of the given transport-layer ports as RTP.
To get it to try to guess whether traffic is RTP traffic or not,
select "Preferences" from the "Edit" menu, open up the "Protocols"
list, select "RTP" from the list, turn on the "Try to decode RTP
outside of conversations" option, and click "OK".
That doesn't guarantee that it'll recognize the codec, however.

> I also tried with SKYPE, but I know that it uses their own codec, so there
> is no way to capture video frames, and analyze them.

It's possible to capture those frames with Wireshark (or TShark, or
tcpdump/WinDump, or...). It's not possible to *analyze* them in
Wireshark or TShark without a dissector being written for the protocol
it uses and for the codec it uses.
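
Added example, not part of the original message and not Wireshark's own dissector code: one way to guess whether UDP payloads on a non-standard port are RTP is to parse the RFC 3550 fixed header and require a run of increasing sequence numbers under a single SSRC. The function names, thresholds, ports, and SSRC value below are assumptions made for this example, and the sample packets are constructed.

```python
import struct
from collections import defaultdict

def parse_rtp(payload):
    """Return the RFC 3550 fixed-header fields, or None if this cannot be RTP."""
    if len(payload) < 12:
        return None
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", payload[:12])
    version, csrc_count, ptype = b0 >> 6, b0 & 0x0F, b1 & 0x7F
    if version != 2 or len(payload) < 12 + 4 * csrc_count:
        return None
    if 72 <= ptype <= 76:  # with the marker bit set these read as RTCP types 200-204
        return None
    return {"pt": ptype, "seq": seq, "ts": ts, "ssrc": ssrc}

def likely_rtp_flows(packets, min_packets=3, max_gap=16):
    """packets: (src_port, dst_port, udp_payload) tuples in capture order.
    A flow is flagged when one SSRC carries a run of increasing sequence numbers."""
    seqs = defaultdict(list)
    for sport, dport, payload in packets:
        hdr = parse_rtp(payload)
        if hdr:
            seqs[(sport, dport, hdr["ssrc"])].append(hdr["seq"])
    flagged = set()
    for (sport, dport, _ssrc), run in seqs.items():
        steps = [(b - a) & 0xFFFF for a, b in zip(run, run[1:])]  # 16-bit wraparound
        if len(run) >= min_packets and all(1 <= s <= max_gap for s in steps):
            flagged.add((sport, dport))
    return flagged

def make_rtp(seq, ts, ssrc, ptype=34, body=b"\x00" * 20):
    """Build a constructed RTP packet (version 2, no padding/extension/CSRC)."""
    return struct.pack("!BBHII", 0x80, ptype, seq, ts, ssrc) + body

# Constructed sample traffic; ports and SSRC are made up for the example.
SAMPLE = [(50000, 50002, make_rtp(s & 0xFFFF, 3000 * i, 0x1234ABCD))
          for i, s in enumerate(range(65534, 65538))]
SAMPLE += [
    (40000, 53, b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03www"),  # version bits 0
    (41000, 41001, b"\x80\x01" + bytes(range(10, 30))),  # looks like v2, seen once
    (41000, 41001, b"\x80\x01" + bytes(range(60, 80))),  # different "SSRC": no run
    (41000, 41001, b"\x80\x01" + bytes(range(90, 110))),
]

if __name__ == "__main__":
    print(sorted(likely_rtp_flows(SAMPLE)))
```

A single packet with version bits of 2 is weak evidence, which is why the check needs several packets from one SSRC before it flags a flow.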