Real Time Streaming Protocol Sirisha Yenigalla Vishal Marda Dushyant Vipradas.

Real Time Streaming Protocol

Sirisha Yenigalla Vishal Marda Dushyant Vipradas

04/19/23 Real Time Streaming Protocol 2

Introduction RTSP and Streaming Role of RTSP RTP and RTSP Working of RTSP RTSP Methods Applications of RTSP RTSP Vulnerabilities

Contents


Introduction

RTSP is an application-level protocol for the control of real-time streaming data.

IETF Standard RFC 2326

It uses RTP as the underlying data delivery protocol and offers a VCR-like control to the user: Play, Stop, Pause, FF and REW, as well as random access to any part of the media clip.


(Introduction…contd)

RTSP also helps the server to adjust the media bandwidth to the network congestion in order to suit the available capacity.

Another important function of RTSP is its ability to choose the optimum delivery channel to the client. For instance, if UDP cannot be used (some corporate firewalls will not pass UDP), the streaming server has to offer a choice of delivery protocols – multicast UDP or TCP to suit different clients.


RTSP and HTTP

RTSP is similar to HTTP/1.1 in terms of syntax and operation but differs in several important aspects.

With RTSP, both the client and the server can issue requests during interaction, as opposed to HTTP where the client always issues the requests (for documents).


(RTSP and HTTP…contd)

RTSP maintains a state by default which happens to be very important in streaming media files.

The HTTP protocol is a stateless protocol. This simply means that HTTP is unable to retain a memory of the identity of each client that connects to a web site and therefore treats each request for a web page as a unique and independent connection, with no relationship whatsoever to the connections that preceded it.


RTSP and Streaming

RTSP is the central protocol of a streaming framework. Streaming is the process of playing a file while it is still

downloading. The innovation of streaming

No need to entirely store it locally before playing


(…contd)

Large audio and video files need not be downloaded to your computer .

Streaming media technology allows the client to see or hear the content in just a few seconds instead of waiting.


pre-stored media Its already been recorded and archived somewhere, when the user wants to access it we serve it as a stream

live broadcast media The content is streamed as its produced (there may be a small editing / safety delay, as with traditional broadcasting) straight to the user

live interactive media Such as videoconferencing - each user might produce their own stream, and there isn't control by one broadcaster

Streaming media will usually take the form of:


The transmission of the stream can be:

one-to-one or point to point - in networking terms, unicast. The stream travels directly from the source (server) to the user (client).

one-to-many or multicast. One stream will be (literally) broadcast to many users.


Kinds of streaming audio or video available

Real Networks (with RealMedia, Real Video and RealAudio)

Microsoft (with Windows Media - audio and video)

Apple (with QuickTime)

Null soft Streaming Video (.nsv) and Shoutcast, IceCast (GNU GPL/Open Source version of Shoutcast), Live365 streaming audio


Protocols used in Streaming Technology

Session Description Protocol (SDP)

Real Time Transport Protocol (RTP)

Real-time Control Protocol (RTCP)

Hypertext Transfer Protocol (HTTP)

Real Time Streaming Protocol (RTSP)


Role of RTSP

Controlling and processing the interactive control functions such as pause/resume, fast forward, rewind is an important aspect of streaming and RTSP takes up this major role.

Delivery mechanisms are based solely on RTP.

RTSP is designed to be on top of RTP to both control and deliver real-time content.


RTP and RTSP

It’s important to distinguish between RTP and Real-Time Streaming Protocol (RTSP), another transfer protocol. RTSP is used when viewers communicate with a unicast server.

RTSP allows two-way communication; that is, viewers can communicate with the streaming server and do things like rewind the movie, go to a chapter, and so on.

By contrast, RTP is a one-way protocol used to send live or stored streams from the server to the client.


Streaming from a streaming server to a media player

Iris

W eb b row se r

M ed ia p laye r

Tower box

Tower box

W ebserve r

S tream ingse rve r

C lien t

(1 )H TTP reques t/

response ,descrip tion file

(3 )A ud io /v ideo filereques ted and

sen t

(2 )D escrip -tion file

In te rne t


Working of RTSP

FIGURE

RTSP Media Player-Server Sequence Chart

UserInterface

RTSPPlayer

RTSPServer

OpenURLSETUPresponse1

PLAY

response2audio

PAUSEresponse3

Quit TEARDOWNresponse10

ActivateRTP

Activate RTP


Explanation – Working of RTSP

Before a client can establish the streaming session it some how has to get the session description from the web server using the HTTP protocol.

According to the information in the session description the client sends a RTSP SETUP request to the streaming server.


(working of RTSP …contd)

The server informs the client with an OK (ack) response to indicate that the stream has been prepared successfully.

The client starts the streaming with a RTSP PLAY request and ends the streaming session with a RTSP TEARDOWN request.


Client State Machine


Server State Machine


Example of a RTSP Description File

<title>Twister/title><session> <group language=en lipsync>

<switch> <track type=audio

e=”PCMU/8000/1”src= ”rtsp://audio.example.com/twister/ audio.en/lofi”>

<track type=audioe=”DVI4/16000/2” pt=”90 DVI4/8000/1”scr=”rtsp://audio.example.com/twister/ audio.en/hifi”>

</switch><track type=”video/jpeg”

scr=”rtsp://video.example.com/twister/video”> </group></session>


Explanation of the Description File

The RTSP Content Markup Language document can be defined using an XML DTD (Document Type Definition), and is HTML-like. Most of it is self-explanatory. The ’group’ includes two audio tracks and a video track, and the ’group’ tag includes the language parameter (en =English) and a requirement that the sound shall be lip-synchronised with the video. The ’swich’ tag indicates that we can swich between two sound tracks. The coding schemes for the audio are given by the parameters ’e’ and ’pt’. To locate resources, RTSP defines a variant of URL, see ’src’. The parameter ’lofi’ indicates ’low fidelity’ sound. The RTSP URL may include a port number.

RTSP Message Format

The RTSP message formats share a similar syntax to HTTP The general syntax for an RTSP method is:

{method name} {URL} {protocol version}CRLF {parameters}

An example of an RTSP request follows:

DESCRIBE http://foo.com/bar.rm RTSP/1.0

CSeq: 312

Accept: application/sdp, application/mheg

This is a request for an RTSP server to send a description of the media

content, http://foo.com/bar.rm, using either Session Description Protocol

(SDP) or Multimedia and Hypermedia Experts Group (MHEG) formats.

An RTSP message may also contain a body. The general syntax for a method with a body is:

{method name} {URL} {protocol version}CRLF

{MIME header field}CRLF

...

{MIME header field}CRLF

CRLF

{optional body, depending on the presence of a "Content-length"}

The following example contains a description of the media referenced by the request URL, rtsp://foo.bar.com/bar.rm, using the SDP format.

ANNOUNCE rtsp://foo.bar.com/bar.rm RTSP/1.0CSeq: 312Date: 9 Sep 1998 13:00:00 GMTSession: 45991232Content-Type: application/sdpContent-Length: 332v=0o=efutz 1928384477 1928386879 IN IP4 127.15.32.2s=A Short Storyi=A short narrative depicting the early days of the Internetu=http://www.yo.com/efutz/[email protected] (Elmer Futz)c=IN IP4 225.2.14.10/127t=3928384899 3928493389a=recvonlym=audio 8756 RTP/AVP 0m=video 3487 RTP/AVP 31Each RTSP request is followed by a response message. Syntax:

{protocol version} {status code} {reason-phrase}CRLF{parameters}A typical response message may look like the following:RTSP/1.0 200 OKCSeq: 312


RTSP message types


(…Cont)

A start-line if sent in a request is called Request-line otherwise if in a response, is called Status-line.

Start-line = Request-Line | Status-Line Generic format of request line is

Generic format of status line is


RTSP message fields

Different types of header fields General-header field Request-header field Response-header field Entity-header field

Generic format for a header field is


Streaming in Mobile Environments


RTSP Methods

Method DESCRIBE

ANNOUNCE

GET_PARAMETER

OPTIONS

PAUSE

PLAY

RECORD

REDIRECT

SETUP

SET_ PARAMETER

TEARDOWN

DescriptionRetrieves the description of a presentation

Posts the description of a presentation

Retrieves the value of a parameter

Queries the available methods

Streams delivery is halted temporarily

Starts sending data

Starts receiving data

Informs to connect another server location

Specifies the transport mechanism

Requests to set the value of a parameter

Stops the stream delivery and frees the resources


RTSP Applications

Streaming of multi-media via Internet

Video conferencing & lectures.

Broadcasting of entertainment.

Remote digital editing

Voice mail


RTSP Vulnerabilities

Vulnerability VU#329561 Real Networks Helix Universal server Vulnerable to buffer

overflow when supplied an overly long string within the "Transport" field of a SETUP RTSP request.

Impact A remote attacker may be able to execute arbitrary code on

the vulnerable system. This attacker-supplied code would be run with the privileges of the user running the Helix Server.


Vulnerability Note VU#934932

Real Networks media server RTSP protocol parser buffer overflow.

Impact

A remote attacker can either execute arbitrary code with privileges of the running service or cause it to crash.



Real Networks Helix Universal Server vulnerable to buffer overflow when supplied an overly long string for the "Describe" field

Impact

A remote attacker may be able to execute arbitrary code on the vulnerable system. This attacker-supplied code would be run with the privileges of the user running the Helix Server.



Apple QuickTime/Darwin Streaming Server fails to properly parse DESCRIBE requests.

Impact

An unauthenticated, remote attacker could prevent legitimate users from accessing the streamed content.


Solution to the Vulnerabilities

Here all the problems can be resolved by applying a patch from the vendor.


References www.ietf.org

http://www.kb.cert.org/vuls

http://www.cswl.com/whiteppr/tech/StreamingTechnology.html

http://www.javvin.com/protocolRTSP.html

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t7/fw_rtsp.htm


Questions

#1. What is the transport protocol being used by RTSP?Ans. An RTSP client may use reliable transport

connection such as TCP or alternatively use UDP.(So could be on top of UDP/IP or TCP/IP)

#2. Where is RTSP used?Ans. It is used by streaming media players ,to control

the media streams.

#3. What is main difference between RTSP and HTTP?Ans. HTTP is a stateless protocol ,where as RTSP

maintains the state through out.


THANK YOU

Real Time Streaming Protocol Sirisha Yenigalla Vishal Marda Dushyant Vipradas.

Documents

Transcript of Real Time Streaming Protocol Sirisha Yenigalla Vishal Marda Dushyant Vipradas.