Wireshark extracts H264 and H265 from RTP packets of video data
Article directory
1 background
When analyzing problems related to streaming media, packet capture analysis is a very important method, such as playback with code stream but no image, streaming media protocol docking problems, code stream blurring and freezing, etc. Many problems can be solved by capturing packets and then analyzing the packet data To locate the problem, the most commonly used tool for packet capture is wireshark, which can analyze from the data link layer, IP layer, transport layer, application layer, etc., and supports multiple protocols. The specific usage can be Baidu. This article mainly introduces a scenario of packet capture analysis, how to extract the original data of the video from the RTP packet through wireshark, and analyze the original video stream to know whether there is a problem with the encoding of the video stream, whether there is frame loss, etc.
2 Work before extraction
The preparations are as follows:
- Download wireshark and install: Baidu can download and install
- Capturing RTP packets: You can simulate the rtsp server through ffmpeg, apply for video through vlc, and capture the rtp video stream packets through wireshark. You can also follow the official account 100 warehouse, send video stream analysis messages, and obtain captured data packets (Video stream analysis -> wireshark packets: h264_rtsp_over_udp.pcapng and h265_rtsp_over_udp.pcapng)
- Download the wireshark plug-in: You can follow the official account One Zero Warehouse , send video stream analysis news, and get (video stream analysis tool->wiresharkplugins.zip)
This article mainly describes how to extract the H264 or H265 naked stream from the H264 or H265 packaged by rtp. The rtp transmission method is UDP. The subsequent articles will introduce how to extract video data from the rtp transmission method which is TCP.
3 H264 video extraction steps from RTP packets
H264 video stream extraction steps are as follows:
-
Download and install wireshark, you can download the latest version,
download address -
Unzip the wiresharkplugins.zip compressed package, put the two plug-ins in the compressed package into the plugins directory under the wireshark installation directory, if you have opened wireshark, you need to restart wireshark, the path is as follows:
-
Use wireshark to open the packet capture file of h264_rtsp_over_udp.pcapng, or make the packet file of the video stream captured by yourself. After opening, select the video stream rtp package to be extracted, right-click->follow->UDP stream, close the current stream details page, and filter Drop other irrelevant packages, only select the package of this video.
-
Right-click on the packet data -> decode as..., select rtp in the current attribute list, and decode it into an rtp packet. The latest version should be automatically recognized. If the video is not converted into rtp, you can decode it through this step. At this time, the protocol type of the packet is not rtp , you can see that its payload type is 96
-
Select the menu Edit->Preferences, open the preferences, select Protocols->H.264 in the left menu list, the video encoding of the captured packet here is H.264, the fu-a encoding method, the PT obtained according to the previous step is 96 , H.264 dynamic payload types fill in 96, and then click OK, here wireshark should parse rtp into H.264 format, if 96 has been configured before, but the protocol still has not changed to H.264 format, you can configure it first Change it to other values, and then change it to 96 to trigger the decoding of FU-A. This may be a bug of wireshark.
-
When the Protocol becomes H264, FU-A in Info, it can be extracted through the plug-in, select the menu Tools->Video->Export H264 pop-up export pop-up window, click Export All, you can export H264 naked stream, click Browse to open Export the folder, click Play 1 to play the naked stream directly.
-
After the naked stream is exported, it can be played directly through vlc to see if it is normal, and the encoding information and stream information can also be analyzed through Elecard StreamEye Tools.
4 H265 video extraction steps from RTP packets
H265 video extraction is similar to H264 extraction. Use wireshark to open h265_rtsp_over_udp.pcapng, select a rtp video, and right click -> follow -> UDP stream to filter out other packet data, and then right click -> decode as... to decode it into RTP. Get the payload type of rtp, which is also 96 here, and the subsequent steps are slightly different, as follows:
- Select the menu Edit->Preferences, open the preferences, select Protocols->H.265 in the left menu list, the PT obtained according to the previous step is 96, H.265 dynamic payload types fill in 96, and then click OK, here wireshark should be Parse rtp into H265 format. If 96 has been configured before, but the protocol still has not changed to H265 format, you can configure it to other values first, and then change it to 96 to trigger the decoding of FU-A.
- Select the menu Tools->Video->Export H265 to pop up the export pop-up window, click Export All, you can export the H265 naked stream, click Browse to open the export folder, click Play 1 to play the naked stream directly.
- After the naked stream is exported, it can be played directly through vlc to see if it is normal, and the encoding information and stream information can also be analyzed through Elecard-HEVC-Analyzer
5 Epilogue
Subsequent articles will introduce how to extract PS stream from rtp stream and how to extract H264/H265 naked stream from RTP over TCP For
related articles, RTP related knowledge, tools and packet capture, you can follow the official account 10 warehouse and send video stream analysis , rtp and other news acquisition