Zenoh protocol dissector for Wireshark.
Warning
For Zenoh protocol versions older than 0.10.0, please check the Lua plugin here.
The plugin currently requires the Wireshark library version 4.4.
You must have Wireshark 4.4 installed on your platform. Please refer to the download page or follow the installation commands below.
We highly recommend following the instructions in the releases. Alternatively, follow the instructions below to build your own plugin.
Zenoh dissector is based on Wireshark EPAN (Enhanced Packet ANalyzer) library. We need to install Wireshark with its library. Please follow the steps below according to your operating system.
- Linux (Ubuntu)
  sudo apt install -y software-properties-common
  sudo add-apt-repository -y ppa:wireshark-dev/stable
  sudo apt install -y wireshark-dev
  sudo apt install -y --allow-change-held-packages wireshark
- macOS
  Install Wireshark with Homebrew.
  brew install --cask wireshark
  Create a symbolic link for linking the Wireshark dynamic library later.
  ln -snf $(find /Applications/Wireshark.app/Contents/Frameworks -name "libwireshark.*.dylib" | tail -n 1) libwireshark.dylib
  export WIRESHARK_LIB_DIR=$(pwd)
- Windows
  Install Wireshark with Chocolatey.
  choco install -y --force --no-progress xsltproc docbook-bundle nsis winflexbison3 cmake wireshark
zenoh-dissector is written in Rust, so the Rust toolchain (installed with Rustup) is needed to build the program.
cargo build --release
Note
(Optional) Choose your custom Wireshark library. If you want to build Wireshark from source and link zenoh-dissector against that library, this is supported by setting an environment variable. Note that users need to ensure this library can be found while using it with Wireshark.
- Windows (PowerShell and Windows version >= 10)
  For example, assume that you have Wireshark installed at 'C:\MyWireshark'. You can tell cargo build to find the Wireshark library you want to link.
  $Env:WIRESHARK_LIB_DIR='C:\MyWireshark'
  cargo build --release
  Add the folder to the PATH so that the dynamic library can be found at runtime.
  [System.Environment]::SetEnvironmentVariable('PATH', [System.Environment]::GetEnvironmentVariable('PATH', 'user')+';C:\MyWireshark', 'user')
- Linux (Ubuntu) and macOS
  WIRESHARK_LIB_DIR=MyWireshark cargo build --release
  Add the library to LD_LIBRARY_PATH for Linux or DYLD_LIBRARY_PATH for macOS.
- Linux (Ubuntu)
  mkdir -p ~/.local/lib/wireshark/plugins/4.4/epan
  cp ./target/release/libzenoh_dissector.so ~/.local/lib/wireshark/plugins/4.4/epan/libzenoh_dissector.so
- macOS
  mkdir -p ~/.local/lib/wireshark/plugins/4-4/epan
  cp ./target/release/libzenoh_dissector.dylib ~/.local/lib/wireshark/plugins/4-4/epan/libzenoh_dissector.so
- Windows
  $epan_dir = "$Env:APPDATA\Wireshark\plugins\4.4\epan"
  if (-Not (Test-Path $epan_dir)) {
      mkdir -p $epan_dir
  }
  cp .\target\release\zenoh_dissector.dll $epan_dir
Running Wireshark in TUI version
Linux (Ubuntu) and macOS
tshark -r ./assets/sample-data.pcap
Windows PowerShell
& 'C:\Program Files\Wireshark\tshark.exe' -r .\assets\sample-data.pcap
Example output
1 0.000000000 127.0.0.1 → 127.0.0.1 TCP 74 60698 → 7447 [SYN] Seq=0 Win=65495 Len=0 MSS=65495 SACK_PERM TSval=1530879817 TSecr=0 WS=128
2 0.000021385 127.0.0.1 → 127.0.0.1 TCP 74 7447 → 60698 [SYN, ACK] Seq=0 Ack=1 Win=65483 Len=0 MSS=65495 SACK_PERM TSval=1530879817 TSecr=1530879817 WS=128
3 0.000042754 127.0.0.1 → 127.0.0.1 TCP 66 60698 → 7447 [ACK] Seq=1 Ack=1 Win=65536 Len=0 TSval=1530879817 TSecr=1530879817
4 0.000342409 127.0.0.1 → 127.0.0.1 Zenoh 88
5 0.000358149 127.0.0.1 → 127.0.0.1 TCP 66 7447 → 60698 [ACK] Seq=1 Ack=23 Win=65536 Len=0 TSval=1530879817 TSecr=1530879817
6 0.000488613 127.0.0.1 → 127.0.0.1 Zenoh 138
7 0.000507245 127.0.0.1 → 127.0.0.1 TCP 66 60698 → 7447 [ACK] Seq=23 Ack=73 Win=65536 Len=0 TSval=1530879817 TSecr=1530879817
8 0.000602256 127.0.0.1 → 127.0.0.1 Zenoh 124
9 0.000731706 127.0.0.1 → 127.0.0.1 Zenoh 74
10 0.001131081 127.0.0.1 → 127.0.0.1 Zenoh 100
11 0.001280084 127.0.0.1 → 127.0.0.1 TCP 66 60698 → 7447 [ACK] Seq=81 Ack=115 Win=65536 Len=0 TSval=1530879818 TSecr=1530879818
12 0.501613967 127.0.0.1 → 127.0.0.1 Zenoh 119
13 0.501667850 127.0.0.1 → 127.0.0.1 Zenoh 70
14 0.501971515 127.0.0.1 → 127.0.0.1 TCP 66 7447 → 60698 [ACK] Seq=115 Ack=138 Win=65536 Len=0 TSval=1530880319 TSecr=1530880319
15 0.502048215 127.0.0.1 → 127.0.0.1 TCP 66 60698 → 7447 [FIN, ACK] Seq=138 Ack=115 Win=65536 Len=0 TSval=1530880319 TSecr=1530880319
16 0.502105376 127.0.0.1 → 127.0.0.1 TCP 66 7447 → 60698 [FIN, ACK] Seq=115 Ack=139 Win=65536 Len=0 TSval=1530880319 TSecr=1530880319
17 0.502135271 127.0.0.1 → 127.0.0.1 TCP 66 60698 → 7447 [ACK] Seq=139 Ack=116 Win=65536 Len=0 TSval=1530880319 TSecr=1530880319
Take the pub/sub as an example. One can check here for the building instructions.
Zenoh dissector's settings can be changed via the menu bar through Edit > Preferences > Protocols > Zenoh or by right-clicking a Zenoh packet and selecting Protocol Preferences > ZenohProtocol.
Currently supported settings are as follows:
- TCP/UDP port selection.
- (Experimental) Message decompression.
Warning
Zenoh dissector does not support packet captures that mix compressed and uncompressed messages. Message decompression should be enabled if and only if all Zenoh messages are compressed. If you see a message that reads "Failed to decode possibly due to the experimental compression preference", this might indicate that some Zenoh messages are not compressed, while the dissector is configured to decode them as compressed messages (or vice versa).
- (Experimental) Heuristic dissector. This setting is not present in Edit > Preferences > Protocols > Zenoh but instead in Analyze > Enabled Protocols. Under the Zenoh protocol, the two heuristic dissectors zenoh_tcp_heur (Zenoh over TCP) and zenoh_udp_heur (Zenoh over UDP) can be enabled by switching their respective checkboxes.
Important
When enabled, Zenoh dissector will attempt to decode all TCP and UDP packets as Zenoh messages. Note that this might be performance-intensive and could theoretically even lead to decoding non-Zenoh messages. For these reasons, the heuristic dissector is disabled by default.
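A way to check a capture for the decode failure described in the compression warning above, as an added example that is not part of zenoh-dissector: the function reads `tshark -V` text on stdin and reports how many frames carry the failure message. It assumes the message appears in the verbose output and that `zenoh` is the display filter name; the sample frames are constructed.

```shell
#!/bin/sh
# Added example, not project code.
# Intended use (display filter name "zenoh" is an assumption):
#   tshark -r ./assets/sample-data.pcap -V -Y zenoh | zenoh_decode_report
FAIL_MSG='Failed to decode possibly due to the experimental compression preference'

# Reads tshark -V text on stdin and prints "<verdict> total=N failed=M".
#   ok          no frame carries the failure message
#   all-failed  every frame fails: the decompression preference is probably
#               the opposite of what the capture needs
#   some-failed only part of the frames fail: likely a capture that mixes
#               compressed and uncompressed messages (unsupported)
zenoh_decode_report() {
    awk -v msg="$FAIL_MSG" '
        /^Frame [0-9]+:/ {       # tshark -V starts every packet with this line
            total++; seen = 0
            next
        }
        total && !seen && index($0, msg) {   # count each frame at most once
            failed++; seen = 1
        }
        END {
            if (total == 0)           verdict = "no-frames"
            else if (failed == 0)     verdict = "ok"
            else if (failed == total) verdict = "all-failed"
            else                      verdict = "some-failed"
            printf "%s total=%d failed=%d\n", verdict, total, failed
        }'
}

# Constructed sample (not real tshark output): three frames, one failing.
sample_capture() {
    cat <<EOF
Frame 4: 88 bytes on wire (704 bits), 88 bytes captured (704 bits)
Zenoh Protocol
Frame 6: 138 bytes on wire (1104 bits), 138 bytes captured (1104 bits)
Zenoh Protocol
    $FAIL_MSG
Frame 8: 124 bytes on wire (992 bits), 124 bytes captured (992 bits)
Zenoh Protocol
EOF
}

sample_capture | zenoh_decode_report
```

A `some-failed` or `all-failed` result means the Zenoh rows from that run should not be trusted until the decompression preference matches the capture.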
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see https://www.gnu.org/licenses/.