Decoding URL in Wireshark

Posted 2024-07-26 15:38:04, 4437 characters, 8 views, 0 comments

I am trying to connect directly to the video stream of an IP video server (the "Nuuo" IP Server).

Their instruction manual gives the URL of the 'home' - a page which installs a cute little activeX control that handles all interaction with the actual video server.

I need the URL of that internal server. [I don't need the added controls offered by the activeX control, and am in an environment where Internet Explorer is not available. I just want the stream]

I tried Wireshark, which captured all the packets, but does not show me the complete URL of the different pages. [ie: if the physical device is at 212.234.56.456, it shows the same URL whether I connect to the home page (212.234.56.456/home.html), to the video server (probably something like 212.234.56.456/video.amp), or to anything else within the device.]

Despite much head-scratching and searching their site and the manual, I cannot understand how to get the whole URL of the server.

Can someone please direct me to a tutorial or page of instructions - or just spell out how to do this?

Wireshark does not have to be the solution - I will happily use something else (tried Fiddler, but don't know how to configure it - by default it catches none of this traffic)

Thanks

Edit:
The protocol is TCP

Video port: 8000 [There is an option in the server to change the port. The default is 8000]

I am trying to connect to the video stream using something like VLC or RealPlayer [for the purpose of re-streaming] instead of the activeX control it comes with.
I do NOT KNOW anything about TCP, other than that it shows up in the packet attached.
The server is encoding to MPEG 4 [h.264], and should be streaming RTSP://

I have read of many many people doing this successfully with an Axis server (They connect to rtsp://[server-ip-address]:554/axis-media/media.amp with VLC), and with an Arecont Server (rtsp://[server-ip-address]/h264.sdp). Obviously, this page does not exist on the Nuuo server I am using, which is designed to compete with the Axis device.

I loaded the page, started Wireshark, then pressed the play button on the ActiveXControl (starting the video). Below is the first packet Wireshark caught [of many, it is the request for the video]:

No.     Time        Source                Destination           Protocol Info
 53 7.198090    192.168.1.4           212.143.234.227       TCP      4734 > irdmi [SYN] Seq=0 Win=65535 Len=0 MSS=1460

Frame 53 (62 bytes on wire, 62 bytes captured)
    Arrival Time: Jul  8, 2009 13:24:35.008644000
    [Time delta from previous captured frame: 0.048542000 seconds]
    [Time delta from previous displayed frame: 7.198090000 seconds]
    [Time since reference or first frame: 7.198090000 seconds]
    Frame Number: 53
    Frame Length: 62 bytes
    Capture Length: 62 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: TCP SYN/FIN]
    [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: Intel_66:1e:41 (00:19:d1:66:1e:41), Dst: GigasetC_49:05:10 (00:21:04:49:05:10)
    Destination: GigasetC_49:05:10 (00:21:04:49:05:10)
        Address: GigasetC_49:05:10 (00:21:04:49:05:10)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Intel_66:1e:41 (00:19:d1:66:1e:41)
        Address: Intel_66:1e:41 (00:19:d1:66:1e:41)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.4 (192.168.1.4), Dst: 212.143.234.227 (212.143.234.227)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 48
    Identification: 0x816c (33132)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xf83b [correct]
        [Good: True]
        [Bad : False]
    Source: 192.168.1.4 (192.168.1.4)
    Destination: 212.143.234.227 (212.143.234.227)
Transmission Control Protocol, Src Port: 4734 (4734), Dst Port: irdmi (8000), Seq: 0, Len: 0
    Source port: 4734 (4734)
    Destination port: irdmi (8000)
    [Stream index: 3]
    Sequence number: 0    (relative sequence number)
    Header length: 28 bytes
    Flags: 0x02 (SYN)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...0 .... = Acknowledgement: Not set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..1. = Syn: Set
            [Expert Info (Chat/Sequence): Connection establish request (SYN): server port irdmi]
                [Message: Connection establish request (SYN): server port irdmi]
                [Severity level: Chat]
                [Group: Sequence]
        .... ...0 = Fin: Not set
    Window size: 65535
    Checksum: 0x378c [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (8 bytes)
        Maximum segment size: 1460 bytes
        NOP
        NOP
        SACK permitted

Comments (3)

朦胧时间 2024-08-02 15:38:04

The real answer is that in Wireshark you need to go to the Analyze menu and select "Decode As". Then in the next dialog select Transport. Select the TCP port you are using and then select the way you want Wireshark to decode it (to the right). If you select http, it will show you URLs if in fact you are using http.

You can also copy the data and paste it into a hex decoder like this one http://home2.paulschou.net/tools/xlate/

稀香 2024-08-02 15:38:04

As far as I can see, this is a SYN packet from the initial TCP/IP handshake, and it doesn't contain a URL yet. You have to capture a few more packets (or move down in Wireshark if you are using the GUI).

Capturing longer snippets in a reproducible pattern (power-on device, click a few operations, power-off) is a good suggestion if you intend to compare dumps.

泛泛之交 2024-08-02 15:38:04

Fiddler doesn't capture non-HTTP(S) traffic. Do you have any reason to believe that the ActiveX in question is using HTTP and not straight TCP/IP?
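
Added example (not part of any post above, and not Nuuo or Wireshark code): the three comments together describe a check on the first client-to-server payload of the port 8000 stream, which is empty for the SYN, a text request with a recoverable URL for HTTP or RTSP, and otherwise a binary protocol with no URL at all. The sketch below performs that check; the payloads, the 192.0.2.10 address and the `/stream1` path are constructed samples, and `extract_url` is a hypothetical helper name.

```python
# Added example: classify the first client payload of a TCP stream and
# rebuild the requested URL when it is a text request (HTTP or RTSP).
import re

# Request line: METHOD SP target SP PROTO/version (HTTP/1.x or RTSP/1.0)
REQUEST_LINE = re.compile(rb"^([A-Z_]+) (\S+) (HTTP|RTSP)/(\d\.\d)$")


def extract_url(payload: bytes, server_ip: str, port: int):
    """Return (kind, url) for the first client-to-server payload.

    kind is 'empty' (handshake segment, no data yet), 'http', 'rtsp',
    or 'binary' (not a text request, so there is no URL to show).
    """
    if not payload:
        return ("empty", None)
    head, _, _ = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    m = REQUEST_LINE.match(lines[0])
    if m is None:
        return ("binary", None)
    target = m.group(2).decode("ascii", "replace")
    scheme = m.group(3).decode().lower()
    if "://" in target:
        # RTSP (and HTTP proxy requests) carry an absolute URL already.
        return (scheme, target)
    # Origin-form HTTP target: the host comes from the Host header,
    # falling back to the address seen at the IP/TCP layer.
    host = f"{server_ip}:{port}"
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host" and value.strip():
            host = value.strip().decode("ascii", "replace")
    return (scheme, f"{scheme}://{host}{target}")


# Constructed sample payloads (not taken from the capture in the question).
SYN_PAYLOAD = b""  # Len=0, like frame 53
HTTP_PAYLOAD = b"GET /home.html HTTP/1.1\r\nHost: 192.0.2.10:8000\r\n\r\n"
RTSP_PAYLOAD = b"DESCRIBE rtsp://192.0.2.10:8000/stream1 RTSP/1.0\r\nCSeq: 1\r\n\r\n"
BINARY_PAYLOAD = bytes.fromhex("00010000002a") + b"\x00" * 8

if __name__ == "__main__":
    for p in (SYN_PAYLOAD, HTTP_PAYLOAD, RTSP_PAYLOAD, BINARY_PAYLOAD):
        print(extract_url(p, "192.0.2.10", 8000))
```

A `binary` result on the real stream would mean that decoding port 8000 as HTTP in Wireshark cannot produce a URL either, which is the case the third comment raises.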
