Version 32

    Wireshark plugin for JGroups





    Wireshark is a freely available, open source network protocol analyzer ( which permits the capture and analysis of packets exchanged between processes over a network.


    As of August 2008, work is underway to develop a JGroups dissector plugin for Wireshark. Such a dissector plugin allows identifying JGroups-specific messages within a capture session and viewing the JGroups-specific content of those messages. An example screen shot of the plugin in its current state of development (version 0.0.1) appears below:




    Where to get the plugin



    The dissector is available in two forms: plugin source code only, or binary versions of wireshark with the plugin installed.


    Dissector source


    The dissector source, sample JGroups capture files and instructions for installing the plugin into a source version of Wireshark can be downloaded from the JGroups SourceForge cvs server:


    > cvs co -d $PLUGIN_SOURCE wireshark-plugin


    Replace the variable $PLUGIN_SOURCE with a directory of your choice. This repository contains dissector source, sample JGroups capture files and instructions for installing the plugin into a source version of Wireshark (downloaded separately).


    Binary versions of Wireshark with plugin installed


    Binary versions of Wireshark containing the plugin can be obtained at


    Versions will be made available for Window XP and Fedora. Creating binary versions for other OSs can be achieved using the plugin source.


    Windows version:

    This version is packed inside a Windows installer. Simply execute the Windows installer to install Wireshark. Wireshark requires the WinPCap library (4.0.2) to be installed - the installer will prompt you for its installation if it is not already installed.


    Linux version:

    This version is packed as a Fedora version-dependent srpm. The rpmbuild command can be used to rebuild an architecture-specific binary version using the following steps:


    1. Set up an rpm directory structure to support the build

    Choose a base directory $BASEDIR to which you have write access (e.g. BASEDIR=/home/myuserid) and create the following directory structure:


    > mkdir -p $BASEDIR/src/rpm
    > cd $BASEDIR/src/rpm
    > mkdir RPMS/i386 RPMS/i486 RPMS/i586 RPMS/i686 RPMS/athlon RPMS/noarch


    Once the directory structure is created, create a file in /home/myuserid called .rpmrc containing the line:

    %_topdir    $BASEDIR/src/rpm


    This directs rpm and rpmbuild to use the created directory structure in place of the default /usr/src/redhat (to which you may not have write access!).




    2. Use the buildrpm command to build the binary packages from the source package:


    For example,


    > buildrpm --rebuild wireshark-jgroups-0.99.6-3.fc8.src.rpm


    Making use of the created tree structure, this will cause the wireshark sources to be extracted from the srpm, patched with the plugin (amongst other patches) and built on the particular architecture of your machine. After the build has completed, the binary rpms will be copied to the RPMS subdirectory for the particular architecture.


    For example, the above command executed on Fedora Core 8 results in the files RPMS/i386/wireshark-0.99.6-3.fc8.i386.rpm, RPMS/i386/wireshark-debug-0.99.6-3.fc8.i386.rpm and RPMS/i386/wireshark-gnome-0.99.6-3.fc8.i386.rpm.




    3. Install the binary rpms


    > rpm -ivh wireshark-0.99.6-3.fc8.i386.rpm
    > rpm -ivh wireshark-gnome-0.99.6-3.fc8.i386.rpm


    NOTE: before installing, ensure that previous versions of Wireshark are uninstalled, as the binary version of the plugin will install into the same filespace locations.





    Using the plugin



    1. Start Wireshark:


    For example, on Fedora:


    > wireshark




    2. Once the Wireshark UI is displayed, you may set preferences by visiting




    In particular, you may want to allow debugging fields to be displayed in the wireshark session.




    3. Use File->Open to open a sample capture file (for example, as included in the plugin source distribution) and view the JGroups packets.