webrtc Testing with Wireshark

Testing with Wireshark

Show Contents

Before You Start

Download and install Wireshark.

Note: On Mac OS you might have to install XQuartz as well (X11 window system).

Starting Wireshark

Make sure to start it with appropriate permissions (admin/root accounts usually have access to the network interfaces). Note: On Mac OS/Unix OS’s you might have to grant read access to the network interfaces (e.g. sudo chmod +r /dev/bpf* works but has to be done after every OS restart) as well, more info can be found here.

Capturing RTP streams

1. Select the network interface currently used for RTP traffic and start a capture.

2. Right click on any package in the capture view and select Decode as.

3. Make sure Both (src/dst port <> src/dst port) is selected in the drop-down menu.

4. On the right scroll down to and select RTP then click OK.

5. RTP packets should now be visible with SSRC details in the info column.

   • If Unknown RTP version 0 appears its most likely not a RTP packet.

   • If Unknown RTP version 1 appears it’s most likely RTP encapsulated in a TURN packet, see the Capturing TURN RTP streams section on how to capture them properly.

6. Go to the Telephony menu and select RTP then Show All Streams.

7. A popup window should appear with lots of RTP streams.

8. The ones we are interested in should have a proper payload type e.g. 100 (VP8 in Chrome), 111 (Opus in Chrome) and 116 (VP8 with FEC in Chrome). Firefox and Opera may have different payload types for VP8 etc.

   • Sorting by number of packets is usually a good approach to filter out the relevant streams.

9. If an rtcdump file is desired select a stream and click Save As.

Capturing TURN RTP streams

1. First we need to enable the Try to decode RTP outside of conversations option.

   1. In Wireshark press Shift+Ctrl+p to bring up the preferences window.

   2. In the menu to the left, expand protocols.

   3. Scroll down to RTP.

   4. Check the Try to decode RTP outside of conversations checkbox.

   5. Click OK.

2. Now perform the steps in Capturing RTP streams section but skip the Decode As steps (2-4).

from: https://webrtc.org/testing/wireshark/#capturing-rtp-streams

利用WireShark分析H264码流

from： https://blog.youkuaiyun.com/luckydarcy/article/details/69666414

背景：最近在参与一个ARM平台的音视频传输的项目，同事说已经是高清视频了，但是显示模糊，显然不能达到高清要求，于是就想抓包分析一下。

---

Step 1：执行如下命令，在 ARM 平台上用 tcpdump 抓包并保存为 test.cap。

tcpdump –i eth0 –nn –w test.cap

• 1

然后启动我们的多媒体通信程序，抓取几秒的数据即可。

Step 2：用 WireShark 工具打开 test.cap 文件。

Step 3：右键点击 H264 的 UDP 包，选择“Decode as…”，选择 RTP，点击 OK 之后就解析成 RTP 包了。

Step 4：查看 RTP 包的 payload type，例如我们这里是102。 
【Dynamic payload types which will be interpreted as H264; Values must be in the range 96 - 127】

Step 5：然后在 WireShark 工具栏中选择 Edit –> preferences –> protocols –> H264，把“H264 dynamic payload types”设成 102，点击 OK。

Step 6：为方便查看，在 Filter 中输入“h264”过滤出 H264 数据包，如下。

Step 7：选择 SPS（Sequence Parameter Set），展开 H.264 数据包，找到 pic_width_in_mbs_minus1 和 pic_height_in_map_units_minus1。