This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 2 and 3
Revision 2 as of 2005-09-23 11:00:32
Size: 2733
Editor: UlfLamping
Comment: fix some typos
Revision 3 as of 2006-06-05 03:19:25
Size: 2737
Editor: localhost
Comment:
Line 17: Line 17:
XXX - Add example traffic here (as plain text or Ethereal screenshot). XXX - Add example traffic here (as plain text or Wireshark screenshot).
Line 19: Line 19:
== Ethereal == == Wireshark ==
Line 45: Line 45:
XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Ethereal can open gzipped files automatically. XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.
Line 50: Line 50:
A complete list of RTSP display filter fields can be found in the [http://www.ethereal.com/docs/dfref/r/rtsp.html display filter reference] A complete list of RTSP display filter fields can be found in the [http://www.wireshark.org/docs/dfref/r/rtsp.html display filter reference]

Real-time Streaming Protocol (RTSP)

RTSP is used to set up real-time media streams, e.g. ones using ["RTP"] and ["RTCP"].

History

RTSP was first specified in [http://www.ietf.org/rfc/rfc2326.txt RFC2326].

Protocol dependencies

  • ["TCP"]: Typically, RTSP uses ["TCP"] as its transport protocol. The well known TCP port for RTSP traffic is 554.
  • ["UDP"]: RTSP can also use ["UDP"] as its transport protocol (is this ever done?). The well known UDP port for RTSP traffic is 554.

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

The RTSP dissector is fully functional over TCP, but currently doesn't handle RTSP-over-UDP.

Preference Settings

There are four preference settings affecting RTSP.

RTSP TCP Port:

This preference specifies the first of the TCP ports on which the RTSP dissector will check for traffic. The default is 554.

Alternate RTSP TCP Port:

This preference specifies the second of the TCP ports on which the RTSP dissector will check for traffic. The default is 8554.

Reassemble RTSP headers spanning multiple TCP segments:

When this preference is enabled, the RTSP dissector will reassemble the RTSP header if it has been transmitted over more than one TCP segment. Although it is unusual for headers to span multiple segments, it's not impossible, and this should be checked if you expect to view the contents of the RTSP conversation.

Reassemble RTSP bodies spanning multiple TCP segments:

When this preference is enabled, then the RTSP dissector will reassemble the RTSP body if it has been transmitted over more than one TCP segment.
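
The two reassembly preferences exist because RTSP message boundaries do not have to line up with TCP segment boundaries. The following Python is an added example, not Wireshark's dissector code: it buffers segment payloads until the header terminator and the full Content-Length body have arrived. `RtspReassembler`, `reassemble` and the sample segments are constructed for illustration, and RFC 2326 framing is assumed.

```python
# Added illustration, not Wireshark's dissector code. Assumes RFC 2326 framing:
# a header block ending in CRLF CRLF, then Content-Length body bytes (0 if absent).
class RtspReassembler:
    """Buffers TCP payloads in stream order and returns complete RTSP messages."""
    def __init__(self):
        self.buf = b""

    def feed(self, segment):
        """Add one TCP segment payload; return the messages it completed."""
        self.buf += segment
        done = []
        while True:
            end = self.buf.find(b"\r\n\r\n")
            if end < 0:                       # header still spans segments
                break
            lines = self.buf[:end].decode("latin-1").split("\r\n")
            fields = (line.partition(":") for line in lines[1:])
            headers = {n.strip().lower(): v.strip() for n, sep, v in fields if sep}
            cl = headers.get("content-length", "0")
            length = int(cl) if cl.isdecimal() else 0
            total = end + 4 + length
            if len(self.buf) < total:         # body still spans segments
                break
            done.append((lines[0], headers, self.buf[end + 4:total]))
            self.buf = self.buf[total:]
        return done


def reassemble(segments):
    """Feed segments in order; return (messages completed per segment, messages)."""
    r, counts, messages = RtspReassembler(), [], []
    for seg in segments:
        out = r.feed(seg)
        counts.append(len(out))
        messages.extend(out)
    return counts, messages


# Constructed sample: a DESCRIBE-style reply cut mid-header and mid-body, with a
# second message starting in the same segment that completes the first.
SDP = b"v=0\r\ns=demo\r\n"
SEGMENTS = [
    b"RTSP/1.0 200 OK\r\nCSeq: 2\r\nContent-Le",
    b"ngth: %d\r\n\r\nv=0\r\n" % len(SDP),
    b"s=demo\r\nOPTIONS rtsp://example.invalid/stream RTSP/1.0\r\nCSeq: 3\r\n\r\n",
]

if __name__ == "__main__":
    print(reassemble(SEGMENTS))
```

Neither of the first two segments yields a message on its own, which is what a per-segment view shows when reassembly is disabled.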

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

  • attachment:SampleCaptures/RTSP.pcap

Display Filter

A complete list of RTSP display filter fields can be found in the [http://www.wireshark.org/docs/dfref/r/rtsp.html display filter reference].

  • Show only the RTSP based traffic:

     rtsp 

Capture Filter

You cannot directly filter RTSP protocols while capturing. However, if you know the ["TCP"] port used (see above), you can filter on that one.

  • Capture RTSP traffic over the default port (554):

     tcp port 554 

  • Capture RTSP traffic over the alternate port (8554):

     tcp port 8554 

Discussion

RTSP (last edited 2019-09-03 08:13:06 by GuyHarris)