When working with IP multicast streams it can sometimes be useful to convert a captured IP stream file to a corresponding MPEG2 transport stream (TS) file. Wireshark has a built-in capability to extract MPEG2-TS packets from the UDP packets of an IP multicast stream. This feature is somewhat hidden away in the menus and not obvious to find.
First select a frame of the UDP stream you are interested in by clicking on it. Then navigate the menu bar to “Analyze” > “Follow” > “UDP Stream”.
A new window will open, showing the contents of the UDP stream in one continuous flow of data. Now select “Show and save data as” > “Raw” and hit “Save as …”.
Give the new file a name and hit “Save”.
It is also possible to filter out specific parts of the UDP stream, but in most cases the “Entire conversation” is what is wanted.
That’s it! All MPEG2-TS packets have been extracted from the UDP stream and are stored to a separate file. The MPEG2-TS file can now be used for other tasks, like error checks or timing analysis.
Leave a Reply