[rtmpdump] rtmpdump --> tcpdump-parser

Howard Chu hyc at highlandsun.com
Thu Mar 4 19:26:57 CET 2010

mightydoggy wrote:
> I'm working on cleaning up the documentation, pulling together the different
> scenarios etc to get you from site to capture using only rtmpdump/suck/etc...
> With rtmpdump doing such heavy lifting, it seems like now most difficult step
> for people is capturing the variables they need to pass to rtmpdump.
> Since not every user can run rtmpsuck as a separate user, and dumping a
> packet-sniff to a file is pretty minor stuff, how about using rtmpsuck's
> parser, running the file through to spit out the variables/pipe to rtmpdump?
> That way people are more-or-less covered; if they can't run the proxy, they
> can just libpcap and run the results through rtmpsuck for the same effect?
> Unless I'm out of my mind and we can already do that...
> md

With some rare exceptions, this approach won't work for rtmpe because you 
won't know the encryption keys. That's the main reason you need an actual MITM 
like rtmpsuck.

Otherwise, for plain rtmp, sure, it would work fine.

More information about the rtmpdump mailing list