I was capturing YouTube video packets using Wireshark. I saw it was HTTP tunneled over TCP packets (even in the case of YouTube live streaming).
But as far as I know, YouTube uses Flash video technology and HTML5. Some websites also mention the DASH protocol.
My question is: what is the exact protocol used by YouTube? And how can we interpret the data that I have captured in Wireshark? In the capture it is shown as just 'Data'. There is no mention of video data or anything like that.
The exact protocol is TCP, although YouTube has been switching over to UDP as of late. The inability to interpret packet data is intentional; the way YouTube breaks up streaming data prevents capture apps like Wireshark from exposing anything about the data being transferred. To interpret the data you are going to need to capture the data from a substantial number of packets and compile it to form a part of the file being sent. It's best to just take the source IP from the packet sender and use DNS to resolve it to the domain name, then do research on what type of data can be expected from that domain, but obviously this is extremely unreliable.
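The step described above, collecting payload from many packets and compiling it into part of the file, is TCP stream reassembly. The following is an added example, not part of the original thread: it parses IPv4/TCP packets and rebuilds the byte stream in sequence order, tolerating reordering and retransmissions. The packets, addresses, ports and function names are constructed for illustration.

```python
import struct
from collections import defaultdict

def build_packet(src, dst, sport, dport, seq, payload):
    """Constructed test data: minimal IPv4+TCP packet, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    return ip + tcp + payload

def parse_packet(pkt):
    """Return (flow, seq, payload) for an IPv4/TCP packet, None for anything else."""
    if len(pkt) < 40 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4                       # IP header length in bytes
    total_len = struct.unpack("!H", pkt[2:4])[0]
    sport, dport, seq = struct.unpack("!HHI", pkt[ihl:ihl + 8])
    data_off = (pkt[ihl + 12] >> 4) * 4             # TCP header length in bytes
    flow = (pkt[12:16], sport, pkt[16:20], dport)   # one direction of a connection
    return flow, seq, pkt[ihl + data_off:total_len]

def reassemble(packets):
    """Rebuild each direction's byte stream in sequence order, stopping at a gap."""
    segments = defaultdict(dict)
    for pkt in packets:
        parsed = parse_packet(pkt)
        if parsed and parsed[2]:
            flow, seq, payload = parsed
            segments[flow].setdefault(seq, payload)  # first copy of a retransmission wins
    streams = {}
    for flow, segs in segments.items():
        nxt, out = min(segs), bytearray()            # simplification: no SYN tracking or wraparound
        while nxt in segs:
            out += segs[nxt]
            nxt += len(segs[nxt])
        streams[flow] = bytes(out)
    return streams

# Constructed sample: a plaintext HTTP response carrying the start of an MP4 file.
SERVER, CLIENT = (203, 0, 113, 10), (192, 0, 2, 20)  # documentation address ranges
BODY = b"HTTP/1.1 200 OK\r\nContent-Type: video/mp4\r\n\r\n\x00\x00\x00\x18ftypmp42"

def sample_capture(order=(2, 0, 1, 0)):
    """Segments of BODY delivered out of order, with segment 0 retransmitted."""
    chunks = [BODY[i:i + 20] for i in range(0, len(BODY), 20)]
    return [build_packet(SERVER, CLIENT, 80, 50000, 1000 + 20 * i, chunks[i]) for i in order]

if __name__ == "__main__":
    for flow, data in reassemble(sample_capture()).items():
        print(flow[1], "->", flow[3], data)
```

For HTTPS traffic the same procedure yields TLS records, which stay opaque without the session keys.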
YouTube primarily uses the VP9 and H.264/MPEG-4 AVC video formats, and the Dynamic Adaptive Streaming over HTTP protocol.
By January 2019, YouTube had begun rolling out videos in AV1 format.
For mobile: sometimes YouTube servers send data using RTSP, which is an application layer protocol.
On the transport layer, RTSP uses both TCP and UDP.
If you want to parse YouTube data from Wireshark you will have to store it and run it inside a Flash player. The video is sent as a Flash object embedded into the HTML page that is sent to you via HTTPS.
Source:
https://en.wikipedia.org/wiki/YouTube#Features