Wireshark · Wireshark-users: Re: [Wireshark-users] mpeg ts

Wireshark-users: Re: [Wireshark-users] mpeg ts - why info column is empty sometimes

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>

Date: Thu, 10 Sep 2015 13:44:16 -0400

On 08/31/15 14:48, Ran Shalit wrote:

Hello,

I try to analyze mpeg-ts file.
It is strange that the info column is sometimes empty.
Does anyone knows why ?
This is the sample I'm trying to analyze, though I see the issue in
every ts file.
[https://drive.google.com/file/d/0B22GsWueReZTUmJrVGd6WjRSTEU/view?usp=sharing][1]

For the most part the Info column is empty because most of the framesare reassembled into a subsequent frame (you can see that in the PacketDetails). Most other dissectors tell you when they don't do muchdissection because the frame has been reassembled so I submitted achange[1] to do the same in the MP2T dissector.

I also submitted a separate change so the MPEG-PES dissector tells youwhen it encounters an unknown stream or frame type[2] (this accounts fora few of the empty Info columns in that capture file).

Of these two issues, only the latter (unknown streams) might indicatesomething wrong with the data you're analyzing.


[1] https://code.wireshark.org/review/10471
[2] https://code.wireshark.org/review/10472

Prev by Date: Re: [Wireshark-users] Follow TCP stream UX
Next by Date: [Wireshark-users] Debugging intermittent audio dropout with RTP over OpenVPN
Previous by thread: Re: [Wireshark-users] Follow TCP stream UX
Next by thread: [Wireshark-users] Debugging intermittent audio dropout with RTP over OpenVPN
Index(es):
- Date
- Thread