Jeff Morriss wrote:
Malcolm Herbert wrote:
Actually I'm interested in looking at the MPEG stream for an audio
streaming project I'm working on - using a tool like wireshark which is
built for packet inspection is a great bonus ... :)
I had another shot at opening an MP3 file this morning from my Windows
host at work using 1.0.0 that I installed yesterday but I get the same
response - although I specify the file type to be 'MPEG
(*.mpeg;*.mpg;*.mp3)' the 'Format:' field says that WireShark is
detecting the file as an 'I4B ISDN trace'. Other MP3 files I have are
detected as 'CSIDS IPlog' ...
In both cases the decoded packet traces are a hash of bizarrely broken
protocols and packet fragments ...
Any thoughts?
Sounds like either the MP3 or those other wiretap modules' (or both)
heuristics are broken, er, not good enough.
I tried with some MP3s I had here and, sure enough, a lot of them showed
up as "I4B ISDN trace". That wiretap module has a fairly limited
heuristic check which could probably be improved. I'd suggest you open
a bug to track the problem.
(OTOH that module hasn't been updated substantially since 1999 and there
aren't any sample captures on the Wiki. Oh, OK, I did find one here:
http://ethereal.netmirror.org/lists/ethereal-dev/199912/msg00248.html )
OK, I did some work and tightened the I4B and CSIDS heuristics so that
they don't think my MP3 file belongs to them (that's revs 25679 and
25680). But the MPEG module still doesn't pick up my MP3; there's a
comment in the source saying "XXX MPEG audio is missing." which I
suppose is the problem. My initial attempts to fix that based on:
http://en.wikipedia.org/wiki/MP3#File_structure
didn't work.