Real Time Streaming

Protocol

Prasanti Adusumilli

Swathi Borra
 TOPICS
 Introduction
 RTSP and Streaming
 Role of RTSP
 RTP and RTSP
 Working of RTSP
 RTSP Methods
 Applications of RTSP
 RTSP Vulnerabilities
 Introduction
RTSP is an application-level protocol for the
control of real-time streaming data.

IEFT Standard
 RFC 2326

It uses RTP as the underlying data delivery protocol

and offers a VCR-like control to the user: Play, Stop,
Pause, FF and REW, as well as random access to any
part of the media clip.
(Introduction…contd)

 RTSP also helps the server to adjust the media bandwidth

to the network congestion in order to suit the available
capacity.

 Another important function of RTSP is its ability to choose

the optimum delivery channel to the client. For instance, if
UDP cannot be used (some corporate firewalls
will not pass UDP), the streaming server has to offer a
choice of delivery protocols – multicast UDP or TCP to
suit different clients.
 RTSP and HTTP
 RTSP is similar to HTTP/1.1 in terms of
syntax and operation but differs in several
important aspects.

 With RTSP, both the client and the server

can issue requests during interaction, as
opposed to HTTP where the client always
issues the requests (for documents).
(RTSP and HTTP…contd)

 RTSP maintains a state by default which happens to

be very important in streaming media files.

 The HTTP protocol is a stateless protocol. This

simply means that HTTP is unable to retain a
memory of the identity of each client that connects to
a web site and therefore treats each request for a web
page as a unique and independent connection, with
no relationship whatsoever to the connections that
preceded it.
 RTSP and Streaming
 RTSP is the central protocol of a streaming
framework.
 Streaming is the process of playing a file while
it is still downloading.
 The innovation of streaming
 No need to entirely store it locally
before
playing
(…contd)

 Large audio and video files need not be

downloaded to your computer .

 Streaming media technology allows the

client to see or hear the content in just a few
seconds instead of waiting.
Streaming media will usually take the form of:

 pre-stored media Its already been recorded and

archived somewhere, when the user wants to access
it we serve it as a stream

 live broadcast media The content is streamed as its

produced (there may be a small editing / safety
delay, as with traditional broadcasting) straight to
the user

 live interactive media Such as videoconferencing -

each user might produce their own stream, and there
isn't control by one broadcaster
The transmission of the stream can be:

 one-to-one or point to point - in networking

terms, unicast. The stream travels directly
from the source (server) to the user (client).

 one-to-many or multicast. One stream will

be (literally) broadcast to many users.
 Kinds of streaming audio or video

available
 Real Networks (with RealMedia, Real Video and
RealAudio)

 Microsoft (with Windows Media - audio and video)

 Apple (with QuickTime)

 Null soft Streaming Video (.nsv) and Shoutcast,

IceCast (GNU GPL/Open Source version of
Shoutcast), Live365 streaming audio
Protocols used in Streaming
Technology
 Session Description Protocol (SDP)

 Real Time Transport Protocol (RTP)

 Real-time Control Protocol (RTCP)

 Hypertext Transfer Protocol (HTTP)

 Real Time Streaming Protocol (RTSP)

 Role of RTSP
• Controlling and processing the interactive control
functions such as pause/resume, fast forward,
rewind is an important aspect of streaming and
RTSP takes up this major role.

• Delivery mechanisms are based solely on RTP.

• RTSP is designed to be on top of RTP to both

control and deliver real-time content.
• RTSP implementations will be able to take
advantage of RTP improvements such as
RTP header compression

• Here we need to know the differences

between RTP and RTSP to know that both
have their own specific functions in
streaming.
 RTP and RTSP
 It’s important to distinguish between RTP
and Real-Time Streaming Protocol (RTSP),
another transfer protocol. RTSP is used
when viewers communicate with a unicast
server.
 RTSP allows two-way communication; that
is, viewers can communicate with the
streaming server and do things like rewind
the movie, go to a chapter, and so on.
 QuickTime automatically translates the
viewer interaction with the on-screen movie
controller into the proper RTSP requests.

 By contrast, RTP is a one-way protocol

used to send live or stored streams from the
server to the client.
Streaming from a streaming server to
a media player
C lie n t

(1 )
H T T P re q u e s t/
re s p o n s e ,
d e s c r ip tio n file W eb
Ir is
s e rv e r

W e b b ro w s e r
T ow er box

(2 )
D e s c r ip - In te rn e t
tio n file

M e d ia p la y e r S tr e a m in g
s e rv e r
(3 )
A u d io /v id e o file
re q u e s te d a n d
T ow er box
sent
 Working of RTSP

• FIGURE
 RTSP Media Player-Server Sequence Chart
User RTSP RTSP
Interface Player Server
OpenURL
SETUP
response1
PLAY
Activate response2 Activate
RTP
audio RTP

PAUSE
response3
Quit
TEARDOWN
response10
Explanation – Working of RTSP
 Before a client can establish the streaming
session it some how has to get the session
description from the web server using the
HTTP protocol.

 According to the information in the session

description the client sends a RTSP SETUP
request to the streaming server.
Example of a RTSP Description File
<title>Twister/title>
<session>
<group language=en lipsync>
<switch>
<track type=audio
e=”PCMU/8000/1”
src= ”rtsp://audio.example.com/twister/
audio.en/lofi”>
<track type=audio
e=”DVI4/16000/2” pt=”90 DVI4/8000/1”
scr=”rtsp://audio.example.com/twister/
audio.en/hifi”>
</switch>
<track type=”video/jpeg”
scr=”rtsp://video.example.com/twister/video”>
</group>
</session>
Explanation of the Description File
The RTSP Content Markup Language document can be defined using
an XML DTD (Document Type Definition), and is HTML-like. Most
of it is self-explanatory. The ’group’ includes two audio tracks and a
video track, and the ’group’ tag includes the language parameter (en
=English) and a requirement that the sound shall be lip-synchronised
with the video. The ’swich’ tag indicates that we can swich between
two sound tracks. The coding schemes for the audio are given by the
parameters ’e’ and ’pt’. To locate resources, RTSP defines a variant of
URL, see ’src’. The parameter ’lofi’ indicates ’low fidelity’ sound.
The RTSP URL may include a port number.
(working of RTSP …contd)

• The server informs the client with an OK

(ack) response to indicate that the stream
has been prepared successfully.

• The client starts the streaming with a RTSP

PLAY request and ends the streaming
session with a RTSP TEARDOWN request.
 RTSP Message Format
The following example contains a description of the media
The RTSP message formats share a similar syntax to HTTP referenced by the request URL, rtsp://foo.bar.com/bar.rm,
The general syntax for an RTSP method is: using the SDP format.
ANNOUNCE rtsp://foo.bar.com/bar.rm RTSP/1.0
{method name} {URL} {protocol version}CRLF {parameters}
CSeq: 312
An example of an RTSP request follows: Date: 9 Sep 1998 13:00:00 GMT
DESCRIBE http://foo.com/bar.rm RTSP/1.0 Session: 45991232
CSeq: 312 Content-Type: application/sdp
Content-Length: 332
Accept: application/sdp, application/mheg
v=0
This is a request for an RTSP server to send a description of o=efutz 1928384477 1928386879 IN IP4 127.15.32.2
the media s=A Short Story
content, http://foo.com/bar.rm, using either Session i=A short narrative depicting the early days of the Internet
Description Protocol u=http://www.yo.com/efutz/sdp.04.ps
(SDP) or Multimedia and Hypermedia Experts Group (MHEG) [email protected] (Elmer Futz)
formats. c=IN IP4 225.2.14.10/127
t=3928384899 3928493389
An RTSP message may also contain a body. The general
a=recvonly
syntax for a method with a body is:
m=audio 8756 RTP/AVP 0
{method name} {URL} {protocol version}CRLF m=video 3487 RTP/AVP 31
{MIME header field}CRLF Each RTSP request is followed by a response message. Syntax:
{protocol version} {status code} {reason-phrase}CRLF
...
{parameters}
{MIME header field}CRLF A typical response message may look like the following:
CRLF RTSP/1.0 200 OK
{optional body, depending on the presence of a "Content- CSeq: 312
length"}
Streaming in Mobile Environments
 RTSP Methods
Method Description
DESCRIBE Retrieves the description of a presentation
ANNOUNCE Posts the description of a presentation
GET_PARAMETER Retrieves the value of a parameter
OPTIONS Queries the available methods
PAUSE Streams delivery is halted temporarily
PLAY Starts sending data
RECORD Starts receiving data
REDIRECT Informs to connect another server location
SETUP Specifies the transport mechanism
SET_ PARAMETER Requests to set the value of a parameter
TEARDOWN Stops the stream delivery and frees the
resources
 RTSP Applications
• Streaming of multi-media via Internet
• Video conferencing & lectures.
• Broadcasting of entertainment.
• Remote digital editing
• Voice mail
 RTSP Vulnerabilities
 Vulnerability VU#329561

Real Networks Helix Universal server Vulnerable to buffer overflow

when supplied an overly long string within the "Transport" field of a
SETUP RTSP request.

Impact
A remote attacker may be able to execute arbitrary code on the
vulnerable system. This attacker-supplied code would be run with
the privileges of the user running the Helix Server.
 Vulnerability Note VU#934932

Real Networks media server RTSP protocol parser buffer

overflow.

Impact
A remote attacker can either execute arbitrary code with
privileges of the running service or cause it to crash.
 Vulnerability Note VU#485057

Real Networks Helix Universal Server vulnerable to buffer

overflow when supplied an overly long string for the
"Describe" field

Impact
A remote attacker may be able to execute arbitrary code on
the vulnerable system. This attacker-supplied code would be
run with the privileges of the user running the Helix Server.
 Vulnerability Note VU#460350

Apple QuickTime/Darwin Streaming Server fails to

properly parse DESCRIBE requests.

Impact
An unauthenticated, remote attacker could prevent
legitimate users from accessing the streamed content.
Solution to the Vulnerabilities

Here all the problems can be resolved by applying

a patch from the vendor.
 References
 www.ietf.org

 http://www.kb.cert.org/vuls

 http://www.cswl.com/whiteppr/tech/StreamingTechnology.html

 http://www.javvin.com/protocolRTSP.html

 http://www.cisco.com/univercd/cc/td/doc/product/software/ios12
0/120newft/120t/120t7/fw_rtsp.htm
 Questions
#1. What is the transport protocol being used by RTSP?
Ans. An RTSP client may use reliable transport connection
such as TCP or alternatively use UDP.(So could be on
top of UDP/IP or TCP/IP)

#2. Where is RTSP used?

Ans. It is used by streaming media players ,to control the
media streams.

#3. What is main difference between RTSP and HTTP?

Ans. HTTP is a stateless protocol ,where as RTSP
maintains the state through out.
THANK YOU