Wireshark-users: [Wireshark-users] Decoding H.264 stream using Wireshark
From: Anirud <cuteanirud@xxxxxxxxx>
Date: Mon, 19 Jul 2010 15:17:19 -0400
Hi all,

A newbie question here. I have been using Wireshark for only a couple
of days now.  I downloaded the binary 1.2.9 for Windows and managed to
capture a few transport packets - UDP containing RTP.  The
conversation uses H.264 video bitstream.

I instructed Wireshark to "Decode As" -> "Transport UDP source port(s)
as" RTP.  I saw that the payload-type is DynamicRTP-Type-96 so then in
the Edit->Preferences-Protocols-H264, I selected the payload type as
96.

This really helped me and I could see the packet headers and even the
payload.  However, I am unable to dissect the H264 bitstream.
Wireshark shows something like the following and doesn't go inside the "H264
bitstream".  I downloaded the source for Wireshark and found
wireshark-1.2.9/epan/dissectors/packet-h264.c which suggests that I
should be able to see the syntax elements and various other fields as
well.

Obviously, I am doing something wrong and/or stupid.  Please advise.
Any pointers greatly appreciated.
Thanks and regards,
Anirud
--------- One selected packet was exported to text file as follows --------

Real-Time Transport Protocol
    10.. .... = Version: RFC 1889 Version (2)
    ..0. .... = Padding: False
    ...1 .... = Extension: True
    .... 0000 = Contributing source identifiers count: 0
    0... .... = Marker: False
    Payload type: DynamicRTP-Type-96 (96)
    Sequence number: 35525
    Timestamp: 2966614680
    Synchronization Source identifier: 0x00000001 (1)
    Defined by profile: 48862
    Extension length: 3
    Header extensions
        Header extension: 1711276032
        Header extension: 2615214809
        Header extension: 1912602625
H.264
    NAL unit header or first byte of the payload
        0... .... = F bit: No bit errors or other syntax violations
        .01. .... = Nal_ref_idc (NRI): 1
        ...1 1000 = Type: STAP-A (24)
    H264 bitstream
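
Added example, not part of the original post and not Wireshark's dissector code: a Python sketch of what lies below the "H264 bitstream" line in a packet like this one, skipping the RTP header extension and splitting the STAP-A payload into its NAL units as laid out in RFC 3984 (one-byte STAP-A header, then repeated 16-bit size plus NAL unit). The function names are hypothetical; the sample packet reuses the header values from the export above, and its two NAL units are constructed bytes.

```python
import struct

def parse_rtp(pkt: bytes):
    """Return (header fields, payload) for one RTP version 2 packet."""
    if len(pkt) < 12:
        raise ValueError("short RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", pkt[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    off = 12 + 4 * (b0 & 0x0F)              # skip the CSRC list
    if b0 & 0x10:                           # X bit: header extension present
        if len(pkt) < off + 4:
            raise ValueError("truncated header extension")
        _profile, words = struct.unpack("!HH", pkt[off:off + 4])
        off += 4 + 4 * words                # length is counted in 32-bit words
    end = len(pkt)
    if b0 & 0x20:                           # P bit: last byte counts the padding
        end -= pkt[-1]
    if off > end:
        raise ValueError("headers run past end of packet")
    fields = {"pt": b1 & 0x7F, "marker": b1 >> 7, "seq": seq, "ts": ts, "ssrc": ssrc}
    return fields, pkt[off:end]

def split_stap_a(payload: bytes):
    """Return the NAL units aggregated in a STAP-A (type 24) payload."""
    if not payload or payload[0] & 0x1F != 24:
        raise ValueError("not a STAP-A payload")
    nalus, off = [], 1                      # byte 0 is the STAP-A NAL header
    while off < len(payload):
        if off + 2 > len(payload):
            raise ValueError("truncated NALU size field")
        (size,) = struct.unpack("!H", payload[off:off + 2])
        off += 2
        if size == 0 or off + size > len(payload):
            raise ValueError("NALU size does not fit the payload")
        nalus.append(payload[off:off + size])
        off += size
    return nalus

# Constructed sample: RTP header and extension values copied from the export
# above; the aggregated NAL units are made-up bytes, not captured data.
SAMPLE = (struct.pack("!BBHII", 0x90, 96, 35525, 2966614680, 1)
          + struct.pack("!HH3I", 48862, 3, 1711276032, 2615214809, 1912602625)
          + b"\x38"                         # F=0, NRI=1, type=24 (STAP-A)
          + b"\x00\x04\x67\x42\x00\x1e"     # size 4, NAL type 7 (SPS)
          + b"\x00\x03\x68\xce\x38")        # size 3, NAL type 8 (PPS)

def nal_types(pkt: bytes):
    _, payload = parse_rtp(pkt)
    return [(n[0] & 0x1F, len(n)) for n in split_stap_a(payload)]
```
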