On Apr 14, 2009, at 4:26 PM, bruce wrote:
Trying to figure out if/how to use wireshark to find an address:port
for an
embedded mp3 player that's streaming audio from a website. I've looked
through the website source, as well as the .js files and don't see
any kind
of mms://...
Can wireshark be used for this kind of thing,
Possibly.
and if so, how?!
1. Attach a machine running Wireshark to the same network as the one
the MP3 player is on. If it's Ethernet, you might have to deal with
switching, etc.:
http://wiki.wireshark.org/CaptureSetup/Ethernet
If it's Wi-Fi, you might have to deal with promiscuous and monitor
mode, as well as decrypting WEP or WPA traffic:
http://wiki.wireshark.org/CaptureSetup/WLAN
http://wiki.wireshark.org/HowToDecrypt802.11?highlight=%28WPA%29
2. Start capturing, in promiscuous mode (or possibly monitor mode on
Wi-Fi), with no capture filter.
3. Start the MP3 player.
4. Once it starts playing, stop the capture and look through the
traffic to see what happens. Perhaps there's some initial HTTP
traffic to set things up, perhaps there's some RTSP traffic, etc..