Attachment 'mpeg_dump.lua'
Download 1 -- Wireshark extension to dump MPEG2 transport stream packets
2 --
3 -- To use this script:
4 -- 1. Save it in the Wireshark home directory e.g. c:\Program Files\Wireshark
5 -- 2. Edit init.lua in the Wireshark home directory and add the following line
6 -- dofile("mpeg_packets_dump.lua")
7 -- 3. Restart Wireshark to add the extension
8 -- 4. Capture some traffic which includes some MPEG transport packets, for
9 -- example, it has been tested with MPEG transmitted via UDP multicast.
10 -- 5. Stop the capture, and select Tools -> Dump MPEG TS Packets
11 -- 6. Enter the file where the mpeg stream should be saved.
12 -- 7. In order to select only one of many streams, enter a wireshark filter
13 -- expression, or you can leave the filter blank.
14 -- 8. Press okay. Any MPEG packets in the current capture which were detected
15 -- by the MPEG dissector and that match your filter will be dumped to
16 -- your output file.
17 --
18 -- Tested with Wireshark 1.4.3
19 -- ryan.gorsuch_at_echostar_com
20 -- 2011-04-01
21
22 -- this is going to be our tap, output file, and counter
23 tap_mcast = nil
24 myfile = nil
25 mcast_packets = 0
26
27 -- declare some field extractors
28 mpeg_pid = Field.new("mp2t.pid")
29 mpeg_payload = Field.new("mp2t.payload")
30 mpeg_pusi = Field.new("mp2t.pusi")
31
32 -- do a payload dump when prompted by the user
33 function init_payload_dump(file,filter)
34
35 mcast_packets = 0
36 tap_mcast = Listener.new(nil,filter)
37 myfile = io.open (file, "w+b")
38
39 -- this function is going to be called once each time our filter matches
40 function tap_mcast.packet(pinfo,tvb,tapdata)
41
42 if ( mpeg_pid() ) then
43 myfile:write( tobinary( tostring( tvb:range(42):bytes() ) ) )
44 myfile:flush()
45 mcast_packets = mcast_packets + 1
46 end
47 end
48
49 -- re-inspect all the packets that are in the current capture
50 retap_packets()
51 myfile:close()
52 tap_mcast:remove()
53 debug("Dumped mpeg packets: " .. mcast_packets )
54 end
55
56 -- show this dialog when the user select "Dump" from the Tools menu
57 function begin_dialog_menu()
58 new_dialog("Dump MPEG TS Packets",init_payload_dump,"Output file","Packet filter (optional)\n\nExamples:\nip.dst == 225.1.1.4\nmp2t\nmp2t.pid == 0x300")
59 end
60
61 register_menu("Dump MPEG TS Packets",begin_dialog_menu,MENU_TOOLS_UNSORTED)
62
63
64 function hex(ascii_code)
65 -- convert an ascii char code to an integer value "0" => 0, "1" => 1, etc
66 if not ascii_code then
67 return 0
68 elseif ascii_code < 58 then
69 return ascii_code - 48
70 elseif ascii_code < 91 then
71 return ascii_code - 65 + 10
72 else
73 return ascii_code - 97 + 10
74 end
75 end
76
77 function tobinary(hexbytes)
78 -- this function converts a hex-string to raw bytes
79
80 binary = ""
81
82 for i=1,string.len(hexbytes),2 do
83 byte = 16 * hex( string.byte(hexbytes,i) ) + hex( string.byte(hexbytes,i+1) )
84 binary = binary .. string.char( byte )
85
86 end
87
88 return binary
89
90 end
Attached Files
To refer to attachments on a page, use attachment:filename, as shown below in the list of files. Do NOT use the URL of the [get] link, since this is subject to change and can break easily.You are not allowed to attach a file to this page.