Customising WireShark to Analyse SMPTE-2022-6 and SMPTE-2110 RTP and PTP Traffic

WireShark can be customised by adding scripts and columns to the software to better analyse and report on SMPTE-2110 network traffic. Although this article is aimed at this traffic, many scripts and filters can be added and used to assess packets of any type.

For this example we will be adding LUA scripts to WireShark which will allow us to analyse ST2022-6, ST2110-20 and ST2110-40 flows.

First, we need to write or download the .lua scripts that we require. The three mentioned above are available here:

ST2022-6
ST2110-20
ST2110-40

Open WireShark and find the About WireShark menu. For Windows users this is under Help, for Mac users this is under the WireShark menu in the top left. Select the Folders tab. This will list all the folders that WireShark uses during operation. We are interested in where it store ‘Global Lua Plugins’. The filepath is a link and can be clicked to open the file location.

Copy and past the three .lua files into this folder. Now close and re-open WireShark. To check that the scripts have been installed properly, open the About WireShark window again but this time select the Plugins tab. The three scripts we have just copied into the folder should now be at the top of the list.

We now need to tell WireShark to associate the various RTP payload types with the scripts we have just installed so it will decode the additional information that we need. To do this, open WireSharks preferences and select Protocols. Scroll down the list to find SMPTE_2022_6. Set the payload type to be 98.

Repeat this process to set protocol ST_2110_20 to payload type 98 and ST_2110_40 to payload type 100.

Finally, we need to tell WireShark where to look for the RTP traffic in any capture. Initially the capture will display the data from the video flow as UDP , because that’s what the packets are. If you download this example and open it in WireShark you will see this.

This capture is a single frame on video encoded as ST2022-6.

In this example we need WireShark to treat UDP traffic from port 20000 as RTP traffic. right click on any of the packets, select Decode As and change the Current field to RTP.

Now packets will be decoded as RTP and the because the payload type is 98, the appropriate .lua script is used to derive a lot of information about the video the packet contains. as this is an ST2022-6 packet (not a ST-2110 packet) the packet header contains a lot more information about the flow, such as resolution and frame rate.


Comments

Leave a Reply

Your email address will not be published. Required fields are marked *