
Zenoh Dissector in Rust

Zenoh protocol dissector for Wireshark.

Warning

For Zenoh protocol versions older than 0.10.0, please check the Lua plugin here.

The plugin currently requires the Wireshark library version 4.4.

Prerequisites

You must have Wireshark 4.4 installed on your platform. Please refer to the download page or follow the installation commands below.

Installation

We highly recommend following the instructions in the releases. Alternatively, you can follow the instructions below to build your own plugin.

(Optional) Build the zenoh-dissector from source

Install dependencies

Zenoh dissector is based on the Wireshark EPAN (Enhanced Packet ANalyzer) library, so Wireshark must be installed together with its development library. Please follow the steps below for your operating system.

  • Linux (Ubuntu)

    sudo apt install -y software-properties-common
    sudo add-apt-repository -y ppa:wireshark-dev/stable
    sudo apt install -y wireshark-dev
    sudo apt install -y --allow-change-held-packages wireshark
  • macOS

    Install Wireshark with Homebrew.

    brew install --cask wireshark

    Create a symbolic link to the Wireshark dynamic library so that the build can link against it later.

    ln -snf $(find /Applications/Wireshark.app/Contents/Frameworks -name "libwireshark.*.dylib" | tail -n 1) libwireshark.dylib
    export WIRESHARK_LIB_DIR=$(pwd)
  • Windows

    Install Wireshark with Chocolatey.

    choco install -y --force --no-progress xsltproc docbook-bundle nsis winflexbison3 cmake wireshark

Build the plugin

zenoh-dissector is written in Rust, so the Rust toolchain (installed via Rustup) is needed to build the program.

cargo build --release

Note

(Optional) Choose your custom Wireshark library. If you have built Wireshark from source and want to link zenoh-dissector against that library, you can point the build to it by setting an environment variable. Note that you must also ensure this library can be found at runtime when Wireshark loads the plugin.

  • Windows (PowerShell and Windows version >= 10). For example, assuming that you have Wireshark installed at 'C:\MyWireshark', you can tell cargo build where to find the Wireshark library you want to link.

    $Env:WIRESHARK_LIB_DIR='C:\MyWireshark'
    cargo build --release

    Add the folder into the PATH so that it can find the dynamic library in runtime.

    [System.Environment]::SetEnvironmentVariable('PATH', [System.Environment]::GetEnvironmentVariable('PATH', 'user')+';C:\MyWireshark', 'user')
  • Linux (Ubuntu) and macOS

    WIRESHARK_LIB_DIR=MyWireshark cargo build --release

    Add the library directory to LD_LIBRARY_PATH on Linux or DYLD_LIBRARY_PATH on macOS so that the plugin can find it at runtime.

Move the plugin to Wireshark's plugin folder

  • Linux (Ubuntu)

    mkdir -p ~/.local/lib/wireshark/plugins/4.4/epan
    cp ./target/release/libzenoh_dissector.so ~/.local/lib/wireshark/plugins/4.4/epan/libzenoh_dissector.so
  • macOS

    mkdir -p ~/.local/lib/wireshark/plugins/4-4/epan
    cp ./target/release/libzenoh_dissector.dylib ~/.local/lib/wireshark/plugins/4-4/epan/libzenoh_dissector.so
  • Windows

    $epan_dir = "$Env:APPDATA\Wireshark\plugins\4.4\epan"
    if (-Not (Test-Path $epan_dir)) {
        mkdir -p $epan_dir
    }
    cp .\target\release\zenoh_dissector.dll $epan_dir
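The per-OS copy commands above can be folded into one script that derives the plugin directory from the installed tshark version, checks that it is the 4.4 series the plugin requires, and refuses to report success unless Wireshark actually lists the plugin. This is an added example, not part of the zenoh-dissector project; it assumes `tshark` is on PATH, the plugin was built with `cargo build --release`, and it covers Linux and macOS only (Windows uses the PowerShell steps above).

```shell
#!/bin/sh
# Added example (not project code): install the built zenoh-dissector plugin into
# the personal Wireshark EPAN plugin directory and verify that Wireshark loads it.

# Extract "major.minor.patch" from the first line of `tshark --version` output.
wireshark_version() {
  printf '%s\n' "$1" | sed -nE '1s/^[^0-9]*([0-9]+\.[0-9]+\.[0-9]+).*/\1/p'
}

# Personal EPAN plugin dir for OS ($1, as printed by `uname -s`), Wireshark
# version ($2) and home dir ($3, defaults to $HOME). As in the README, the
# version is written "4.4" on Linux but "4-4" on macOS.
plugin_dir() {
  mm=$(printf '%s' "$2" | sed -E 's/^([0-9]+)\.([0-9]+).*/\1.\2/')
  home=${3:-$HOME}
  case $1 in
    Linux)  printf '%s/.local/lib/wireshark/plugins/%s/epan\n' "$home" "$mm" ;;
    Darwin) printf '%s/.local/lib/wireshark/plugins/%s/epan\n' "$home" \
              "$(printf '%s' "$mm" | sed 's/\./-/g')" ;;
    *) echo "unsupported OS: $1" >&2; return 1 ;;
  esac
}

# Build artifact per OS. Wireshark expects the ".so" suffix even on macOS, so
# the .dylib is renamed on copy (as the README does).
plugin_source() {
  case $1 in
    Linux)  echo target/release/libzenoh_dissector.so ;;
    Darwin) echo target/release/libzenoh_dissector.dylib ;;
    *) return 1 ;;
  esac
}

install_plugin() {
  os=$(uname -s)
  ver=$(wireshark_version "$(tshark --version)")
  case $ver in
    4.4.*) ;;  # the plugin is built against the 4.4 library only
    *) echo "need Wireshark 4.4, found '${ver:-none}'" >&2; return 1 ;;
  esac
  dir=$(plugin_dir "$os" "$ver") || return 1
  src=$(plugin_source "$os") || return 1
  mkdir -p "$dir"
  cp "$src" "$dir/libzenoh_dissector.so"
  # Only report success if Wireshark's own plugin list shows the dissector.
  tshark -G plugins | grep -q zenoh_dissector || { echo "plugin not loaded" >&2; return 1; }
  echo "installed to $dir"
}

case ${1:-} in install) install_plugin ;; esac
```

Run it from the repository root as `sh install.sh install`; a non-zero exit means either the Wireshark version does not match or the plugin was copied but not picked up.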

Usage

Example: Sample Data

Running the terminal version of Wireshark (tshark)

Linux (Ubuntu) and macOS

tshark -r ./assets/sample-data.pcap

Windows PowerShell

& 'C:\Program Files\Wireshark\tshark.exe' -r .\assets\sample-data.pcap

Example output

1 0.000000000    127.0.0.1 → 127.0.0.1    TCP 74 60698 → 7447 [SYN] Seq=0 Win=65495 Len=0 MSS=65495 SACK_PERM TSval=1530879817 TSecr=0 WS=128
2 0.000021385    127.0.0.1 → 127.0.0.1    TCP 74 7447 → 60698 [SYN, ACK] Seq=0 Ack=1 Win=65483 Len=0 MSS=65495 SACK_PERM TSval=1530879817 TSecr=1530879817 WS=128
3 0.000042754    127.0.0.1 → 127.0.0.1    TCP 66 60698 → 7447 [ACK] Seq=1 Ack=1 Win=65536 Len=0 TSval=1530879817 TSecr=1530879817
4 0.000342409    127.0.0.1 → 127.0.0.1    Zenoh 88
5 0.000358149    127.0.0.1 → 127.0.0.1    TCP 66 7447 → 60698 [ACK] Seq=1 Ack=23 Win=65536 Len=0 TSval=1530879817 TSecr=1530879817
6 0.000488613    127.0.0.1 → 127.0.0.1    Zenoh 138
7 0.000507245    127.0.0.1 → 127.0.0.1    TCP 66 60698 → 7447 [ACK] Seq=23 Ack=73 Win=65536 Len=0 TSval=1530879817 TSecr=1530879817
8 0.000602256    127.0.0.1 → 127.0.0.1    Zenoh 124
9 0.000731706    127.0.0.1 → 127.0.0.1    Zenoh 74
10 0.001131081    127.0.0.1 → 127.0.0.1    Zenoh 100
11 0.001280084    127.0.0.1 → 127.0.0.1    TCP 66 60698 → 7447 [ACK] Seq=81 Ack=115 Win=65536 Len=0 TSval=1530879818 TSecr=1530879818
12 0.501613967    127.0.0.1 → 127.0.0.1    Zenoh 119
13 0.501667850    127.0.0.1 → 127.0.0.1    Zenoh 70
14 0.501971515    127.0.0.1 → 127.0.0.1    TCP 66 7447 → 60698 [ACK] Seq=115 Ack=138 Win=65536 Len=0 TSval=1530880319 TSecr=1530880319
15 0.502048215    127.0.0.1 → 127.0.0.1    TCP 66 60698 → 7447 [FIN, ACK] Seq=138 Ack=115 Win=65536 Len=0 TSval=1530880319 TSecr=1530880319
16 0.502105376    127.0.0.1 → 127.0.0.1    TCP 66 7447 → 60698 [FIN, ACK] Seq=115 Ack=139 Win=65536 Len=0 TSval=1530880319 TSecr=1530880319
17 0.502135271    127.0.0.1 → 127.0.0.1    TCP 66 60698 → 7447 [ACK] Seq=139 Ack=116 Win=65536 Len=0 TSval=1530880319 TSecr=1530880319

Example: Pub/Sub

Take the pub/sub example as an illustration. See here for the build instructions.

(Screenshot: demo-pubsub)

Preferences

Zenoh dissector's settings can be changed via the menu bar through Edit > Preferences > Protocols > Zenoh, or by right-clicking a Zenoh packet and selecting Protocol Preferences > ZenohProtocol.

Currently supported settings are as follows:

  • TCP/UDP port selection.
  • (Experimental) Message decompression.

Warning

Zenoh dissector does not support packet captures that mix compressed and uncompressed messages. Message decompression should be enabled if and only if all Zenoh messages are compressed. If you see a message that reads "Failed to decode possibly due to the experimental compression preference", this might indicate that some Zenoh messages are not compressed, while the dissector is configured to decode them as compressed messages (or vice versa).

  • (Experimental) Heuristic dissector. This setting is not present in Edit > Preferences > Protocols > Zenoh but instead in Analyze > Enabled Protocols. Under the Zenoh protocol, the two heuristic dissectors zenoh_tcp_heur (Zenoh over TCP) and zenoh_udp_heur (Zenoh over UDP) can be enabled by switching their respective checkboxes.

Important

When enabled, Zenoh dissector will attempt to decode all TCP and UDP packets as Zenoh messages. Note that this might be performance-intensive and could theoretically even lead to decoding non-Zenoh messages. For these reasons, the heuristic dissector is disabled by default.

License

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see https://www.gnu.org/licenses/.