Decoding URLs in Wireshark

I am trying to connect directly to the video stream of an IP video server (Nuuo IP server).

Their instruction manual contains the URL of the "home" page - the page on which the small ActiveX element is installed, which handles all interaction with the actual video server.

I need the URL of this backend server. [I do not need the additional controls available to the ActiveX control, and I am in an environment where Internet Explorer is not available. I just want a stream.]

I tried Wireshark, which captured all the packets but does not show me the full URL of the different pages. [That is: if the physical device is on 212.234.56.456, it shows the same URL whether I connect to the home page (212.234.56.456/home.html), to the video server (maybe something like 212.234.56.456/video.amp) or to anything else inside the device.]

Despite a lot of head-scratching and searching their site and guide, I can't figure out how to get the whole server URL.

Can someone direct me to a tutorial or to the instructions page - or just indicate how to do this?

Wireshark does not have to be the solution - I will be happy to use something else (I tried Fiddler, but I don't know how to configure it - by default it doesn't catch any of this traffic).

Thanks.

Edit: TCP protocol

: 8000 [ . - 8000]

, - VLC RealPlayer [ ] activeX, . - TCP, , . MPEG 4 [h.264] RTSP://

, Axis ( rtsp://[server-ip-address]:554/axis-media/media.amp VLC) Arecont (rtsp://[server-ip-address]/h264.sdp). , Nuuo, , Axis.

, Wireshark, ActiveXControl ( ). Wireshark [ , ]:

No.     Time        Source                Destination           Protocol Info
 53 7.198090    192.168.1.4           212.143.234.227       TCP      4734 > irdmi [SYN] Seq=0 Win=65535 Len=0 MSS=1460

Frame 53 (62 bytes on wire, 62 bytes captured)
    Arrival Time: Jul  8, 2009 13:24:35.008644000
    [Time delta from previous captured frame: 0.048542000 seconds]
    [Time delta from previous displayed frame: 7.198090000 seconds]
    [Time since reference or first frame: 7.198090000 seconds]
    Frame Number: 53
    Frame Length: 62 bytes
    Capture Length: 62 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: TCP SYN/FIN]
    [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: Intel_66:1e:41 (00:19:d1:66:1e:41), Dst: GigasetC_49:05:10 (00:21:04:49:05:10)
    Destination: GigasetC_49:05:10 (00:21:04:49:05:10)
        Address: GigasetC_49:05:10 (00:21:04:49:05:10)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Intel_66:1e:41 (00:19:d1:66:1e:41)
        Address: Intel_66:1e:41 (00:19:d1:66:1e:41)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.4 (192.168.1.4), Dst: 212.143.234.227 (212.143.234.227)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 48
    Identification: 0x816c (33132)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0xf83b [correct]
        [Good: True]
        [Bad : False]
    Source: 192.168.1.4 (192.168.1.4)
    Destination: 212.143.234.227 (212.143.234.227)
Transmission Control Protocol, Src Port: 4734 (4734), Dst Port: irdmi (8000), Seq: 0, Len: 0
    Source port: 4734 (4734)
    Destination port: irdmi (8000)
    [Stream index: 3]
    Sequence number: 0    (relative sequence number)
    Header length: 28 bytes
    Flags: 0x02 (SYN)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...0 .... = Acknowledgement: Not set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..1. = Syn: Set
            [Expert Info (Chat/Sequence): Connection establish request (SYN): server port irdmi]
                [Message: Connection establish request (SYN): server port irdmi]
                [Severity level: Chat]
                [Group: Sequence]
        .... ...0 = Fin: Not set
    Window size: 65535
    Checksum: 0x378c [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (8 bytes)
        Maximum segment size: 1460 bytes
        NOP
        NOP
        SACK permitted
+3

WireShark Analyze, "Decode As". "". TCP, , , Wireshark (). http, URL-, http.

http://home2.paulschou.net/tools/xlate/

+4

, SYN- TCP/IP, URL. ( wirehark, gui).

( , , ) - , .

+1
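To make the "Decode As" advice above and the point about the SYN segment concrete, here is an added Python example (not code from either answer, nor from Wireshark) that walks constructed Ethernet/IPv4/TCP frames sent to port 8000 and reports what each one can reveal: the SYN from the question carries no application data at all, while a later segment holding an HTTP or RTSP request line yields the full URL. The frame builder, the sample requests and the names build_frame and extract_requests are all assumptions made for this example.

```python
import struct

# Constructed Ethernet/IPv4/TCP frame builder (not the question's capture); checksums stay 0.
def build_frame(dst_port, flags, payload=b"", src_port=4734,
                src_ip="192.168.1.4", dst_ip="212.143.234.227"):
    eth = bytes.fromhex("002104490510") + bytes.fromhex("0019d1661e41") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, flags,
                      65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x816c, 0x4000, 128, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + tcp

def extract_requests(frames, app_ports=(8000,)):
    """'Decode as' HTTP/RTSP for every TCP segment sent to one of app_ports."""
    found = []
    for frame in frames:
        if frame[12:14] != b"\x08\x00" or frame[23] != 6:   # IPv4 carrying TCP only
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        total_len = struct.unpack("!H", ip[2:4])[0]
        dst_ip = ".".join(str(b) for b in ip[16:20])
        tcp = ip[ihl:total_len]
        dport = struct.unpack("!H", tcp[2:4])[0]
        if dport not in app_ports:
            continue
        payload = tcp[(tcp[12] >> 4) * 4:]
        if not payload:               # SYN and pure ACKs carry no application data
            found.append((dst_ip, dport, "SYN" if tcp[13] & 0x02 else "no-data", None))
            continue
        head = payload.split(b"\r\n\r\n", 1)[0].decode("ascii", "replace").split("\r\n")
        parts = head[0].split(" ")
        if len(parts) != 3 or not parts[2].startswith(("HTTP/", "RTSP/")):
            continue                  # not a text request line: some other protocol
        method, target, _ = parts
        if target.startswith("/"):    # HTTP origin-form: rebuild the URL from Host
            host = next((h.split(":", 1)[1].strip() for h in head[1:]
                         if h.lower().startswith("host:")), dst_ip)
            target = f"http://{host}{target}"
        found.append((dst_ip, dport, method, target))
    return found

# Constructed segments: the question's SYN, an HTTP GET of the ActiveX page, and
# an RTSP DESCRIBE of the kind VLC would send for a stream URL.
SAMPLE = [
    build_frame(8000, 0x02),
    build_frame(8000, 0x18, b"GET /home.html HTTP/1.1\r\nHost: 212.143.234.227:8000\r\n\r\n"),
    build_frame(8000, 0x18, b"DESCRIBE rtsp://212.143.234.227:8000/video.amp RTSP/1.0\r\nCSeq: 1\r\n\r\n"),
]
```

A segment whose payload is not a text request line is skipped, which is what you will see if the control speaks a proprietary binary protocol on port 8000 rather than HTTP or RTSP.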

Fiddler does not capture non-HTTP(S) traffic. Do you have reason to believe that this ActiveX control uses HTTP rather than direct TCP/IP?

0

Source: https://habr.com/ru/post/1712087/
