There used to be a wireshark plugin, written by Richard Achmatowicz, but since it was written in C, every time the wire format changed, the C code had to be changed, too. It is therefore not maintained any longer.
However, there's a class in JGroups that can be used to read messages from the wire: ParseMessages. Since it uses the the same code that's reading messages off the wire, it can always parse messages in the version it's shipped with. It is therefore resistant to wire format changes.
In 4.1.0, I changed ParseMessages to be more useful:
- Reading of TCP streams is now supported
- It can read packets from stdin (ideal for piping from tshark)
- Handling of binary data (e.g. from a PCAP capture) is supported
- Views are parsed and displayed (e.g. in VIEW or JOIN response messages)
- Logical names can be displayed: instead of {node-2543, node-2543} instead of {3673e687-fafb-63e0-2ff1-67c0a8a6f8eb,312aa7da-f3d5-5999-1f5c-227f6e43728e}
- Capture UDP IPv4 traffic with tshark
- Capture TCP IPv6 traffic with tshark
- Capture with tcpdump and wireshark
Happy network sniffing!
 
 
No comments:
Post a Comment