Wireshark-users: [Wireshark-users] Saving the UDP stream from a wireshark capture session
Hi all,
Now obviously, my ignorance is evident here. I captured all the
packets on the wire and want to save just the UDP stream into a raw
binary file. The UDP itself contains RTP which contains an H.264
video bitstream. I am interested in this H.264 stream which is carried
as per RFC 3984.
However, the RTP payload can have one or more NAL units as per the RFC
(STAP, FU, MTAP and so forth). So I am going to write a simple parser
to extract the raw elementary video stream from the RTP payload. I
cannot just save the RTP payload in Wireshark since my parser needs to
know the size (length) of each packet's payload and the raw file
doesn't have that.
So I though of saving the UDP packets since the UDP header has the
length field after Source/Destination ports and before the Checksum. I
can then strip the RTP headers and parse the RTP payload and extract
the H.264 bitstream. However, I just can't figure out how to save the
UDP packets with the headers. I can save the UDP payload if I do
"Analyze -> Follow Stream" but that saves the payload only, without
headers. I don't want the Ethernet and IP headers since that would be
another level of detail to understand and then write code to strip
out.
Sorry for being so stupid but I just can't seem to figure this one out...
Anirud