用Wireshark解码H.264

H264，你不知道的小技巧-腾讯云开发者社区-腾讯云

这篇文章写的非常好

这里仅做几点补充

init.lua内容：

-- Set enable_lua to false to disable Lua support.
enable_lua = trueif not enable_lua thenreturn
end-- If false and Wireshark was started as (setuid) root, then the user
-- will not be able to execute custom Lua scripts from the personal
-- configuration directory, the -Xlua_script command line option or
-- the Lua Evaluate menu option in the GUI.
-- Note: Not checked on Windows. running_superuser is always false.
--run_user_scripts_when_superuser = truedofile(DATA_DIR.."rtp_h264_extractor.lua")

init.lua放到了这个目录：

C:\Program Files\Wireshark\plugins

rtp_h264_extractor.lua内容为：

--[[* rtp_h264_extractor.lua* wireshark plugin to extract h264 stream from RTP packets** Copyright (C) 2015 Volvet Zhang <volvet2002@gmail.com>** rtp_h264_extractor is free software; you can redistribute it and/or* modify it under the terms of the GNU Lesser General Public* License as published by the Free Software Foundation; either* version 2.1 of the License, or (at your option) any later version.** rtp_h264_extractor is distributed in the hope that it will be useful,* but WITHOUT ANY WARRANTY; without even the implied warranty of* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU* Lesser General Public License for more details.** You should have received a copy of the GNU Lesser General Public* License along with FFmpeg; if not, write to the Free Software* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA*]]dolocal MAX_JITTER_SIZE = 50local h264_data = Field.new("h264")local rtp_seq = Field.new("rtp.seq")local function extract_h264_from_rtp()local function dump_filter(fd)local fh = "h264";if fd ~= nil and fd ~= "" thenreturn string.format("%s and (%s)", fh, fd)elsereturn fhendendlocal h264_tap = Listener.new("ip", dump_filter(get_filter()))local text_window = TextWindow.new("h264 extractor")local filename = ""local seq_payload_table = { }local pass = 0local packet_count = 0local max_packet_count = 0local fu_info = nillocal pre_seq = 0;local function log(info)text_window:append(info)text_window:append("\n")end-- get_preference is only available since 3.5.0if get_preference thenfilename = get_preference("gui.fileopen.dir") .. "/" .. os.date("video_%Y%m%d-%H%M%S.264")elsefilename = "dump.264"endlog("Dumping H264 stream to " .. filename)local fp = io.open(filename, "wb")if fp == nil thenlog("open dump file fail")endlocal function seq_compare(left, right)if math.abs(right.key - left.key) < 1000 thenreturn left.key < right.keyelsereturn left.key > right.keyendendlocal function dump_single_nal(h264_payload)fp:write("\00\00\00\01")fp:write(h264_payload:tvb()():raw())fp:flush()endlocal function dump_fu_a(fu_info)if  fu_info.complete ==  true thenlog("dump_fu_a")fp:write("\00\00\00\01")fp:write(string.char(fu_info.nal_header))for i, obj in ipairs(fu_info.payloads) dofp:write(obj:tvb()():raw(2))endfp:flush()elselog("Incomplete NAL from FUs, dropped")endendlocal function handle_fu_a(seq, h264_data)fu_indicator = h264_data:get_index(0)fu_header = h264_data:get_index(1)nal_header = bit.bor(bit.band(fu_indicator, 0xe0), bit.band(fu_header, 0x1f))if bit.band(fu_header, 0x80) ~= 0 then-- fu start flag foundfu_info = { }fu_info.payloads = { }fu_info.seq = seqfu_info.complete = truefu_info.nal_header = nal_headertable.insert(fu_info.payloads, h264_data)log("Fu start: seq = "..tostring(seq))returnendif fu_info == nil thenlog("Incomplete FU found: No start flag, dropped")returnendif seq ~= (fu_info.seq + 1)% 65536 thenlog("Incomplete FU found:  fu_info.seq = "..tostring(fu_info.seq)..", input seq = "..tostring(seq))fu_info.complete = false;returnendfu_info.seq = seqtable.insert(fu_info.payloads, h264_data)if bit.band(fu_header, 0x40) ~= 0 then-- fu end flag foundlog("Fu stop: seq = "..tostring(seq))dump_fu_a(fu_info)fu_info = nilendendlocal function handle_stap_a(h264_data)log("start dump stap nals")offset = 1		-- skip nal header of STAP-Arepeatsize = h264_data:tvb()(offset, 2):uint()offset = offset + 2local next_nal_type = bit.band(h264_data:get_index(offset), 0x1f)log("STAP-A has naltype = "..next_nal_type..", size = "..size)fp:write("\00\00\00\01")fp:write(h264_data:tvb()():raw(offset, size))offset = offset + sizeuntil offset >= h264_data:tvb():len()fp:flush()log("finish dump stap nals")endlocal function on_ordered_h264_payload(seq, h264_data)local naltype = bit.band(h264_data:get_index(0), 0x1f)if naltype > 0 and naltype < 24 then-- Single NAL unit packetif fu_info ~= nil thenlog("Incomplete FU found: No start flag, dropped")fu_info = nilenddump_single_nal(h264_data)--log("tap.packet: "..", single nal packet dumpped, naltype = "..tostring(naltype)..", len = "..tostring(packet.len))elseif naltype == 28 then-- FU-Ahandle_fu_a(seq, h264_data)elseif naltype == 24 then-- STAP-Aif fu_info ~= nil thenlog("Incomplete FU found: No start flag, dropped")fu_info = nilendhandle_stap_a(h264_data)elselog("tap.packet: "..", Unsupported nal, naltype = "..tostring(naltype))endendlocal function on_jitter_buffer_output()table.sort(seq_payload_table, seq_compare)if #seq_payload_table > 0 thenlog("on_jitter_buffer_output:  seq = "..tostring(seq_payload_table[1].key)..", payload len = "..tostring(seq_payload_table[1].value:len()))on_ordered_h264_payload(seq_payload_table[1].key, seq_payload_table[1].value)table.remove(seq_payload_table, 1)endendlocal function jitter_buffer_finilize()for i, obj in ipairs(seq_payload_table) dolog("jitter_buffer_finilize:  seq = "..tostring(obj.key)..", payload len = "..tostring(obj.value:len()))on_ordered_h264_payload(obj.key, obj.value)endendlocal function on_h264_rtp_payload(seq, payload)local cur_seq = seq.value--log("on_h264_rtp_payload:  seq = "..tostring(seq.value)..", payload len = "..tostring(payload.len)..",pre_seq = "..pre_seq..",cur_seq = "..cur_seq..",packet_count = "..packet_count)if packet_count == 0 thenpre_seq = cur_seqelseif cur_seq == pre_seq thenpacket_count = packet_count + 1--log("on_h264_rtp_payload, duplicate seq = "..tostring(seq.value)..",packet_count = "..packet_count)returnelsepre_seq = cur_seqendendpacket_count = packet_count + 1table.insert(seq_payload_table, { key = tonumber(seq.value), value = payload.value })--log("on_h264_rtp_payload: table size is "..tostring(#seq_payload_table))if #seq_payload_table > MAX_JITTER_SIZE thenon_jitter_buffer_output()endendfunction h264_tap.packet(pinfo, tvb)local payloadTable = { h264_data() }local seqTable = { rtp_seq() }if (#payloadTable) < (#seqTable) thenlog("ERROR: payloadTable size is "..tostring(#payloadTable)..", seqTable size is "..tostring(#seqTable))returnendif pass == 0 thenfor i, payload in ipairs(payloadTable) domax_packet_count = max_packet_count + 1endelsefor i, payload in ipairs(payloadTable) doon_h264_rtp_payload(seqTable[1], payload)endif packet_count == max_packet_count thenjitter_buffer_finilize()endendendfunction h264_tap.reset()endfunction h264_tap.draw()endlocal function remove()if fp thenfp:close()fp = nilendh264_tap:remove()endlog("Start")text_window:set_atclose(remove)log("phase 1")pass = 0retap_packets()log("phase 2:  max_packet_count = "..tostring(max_packet_count))pass = 1retap_packets()if fp ~= nil thenfp:close()fp = nillog("Video stream written to " .. filename)endlog("End")endregister_menu("Extract h264 stream from RTP", extract_h264_from_rtp, MENU_TOOLS_UNSORTED)
end

该文件放到了这里：

C:\Program Files\Wireshark

此外，Elecard StreamEye Tools可以到这里下载：

Download video analysis and monitoring applications| Elecard: Video Compression GuruDownload Elecard products for video analysis and monitoring, encoding and decoding video of various formats.https://www.elecard.com/software