Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-tools / 7f43c53c2a85d8d5a446f22571bf8b9a232099bd / . / tools / dissect-wireshark / README.md
blob: 02497c795b1e95b508270a83cf58c4daffad2913 [file] [log] [blame] [view]
Alexander Afanasyev357c2052015-08-10 21:26:52 -0700[diff] [blame]1NDN Packet Dissector for Wireshark
2==================================
Alexander Afanasyev6fbb7b42015-08-10 11:53:49 -0700[diff] [blame]3
Alexander Afanasyev357c2052015-08-10 21:26:52 -0700[diff] [blame]4**NDN packet dissector requires at least version 1.12.6 of Wireshark with LUA support enabled**
Alexander Afanasyev6fbb7b42015-08-10 11:53:49 -0700[diff] [blame]5
Alexander Afanasyev357c2052015-08-10 21:26:52 -0700[diff] [blame]6The dissection of [Named Data Networking (NDN) packets](http://named-data.net/doc/ndn-tlv/) is
7supported in the following cases:
Alexander Afanasyev6fbb7b42015-08-10 11:53:49 -0700[diff] [blame]8
Alexander Afanasyev357c2052015-08-10 21:26:52 -0700[diff] [blame]9- NDN packets are encapsulated in IPv4/IPv6 UDP packets with source or destination port
10 6363 or 56363.
Alexander Afanasyev6fbb7b42015-08-10 11:53:49 -0700[diff] [blame]11
Alexander Afanasyev357c2052015-08-10 21:26:52 -0700[diff] [blame]12- NDN packets are encapsulated in IPv4/IPv6 TCP segments with source or destination
13 port 6363.
14
15- NDN packets are encapsulated in IPv4/IPv6 TCP/HTTP WebSocket packets with source or
16 destination port 9696.
17
Alexander Afanasyev7f43c532015-08-12 15:28:51 -0700[diff] [blame^]18- NDN packets are encapsulated in Ethernet frames with EtherType 0x8624.
19
Alexander Afanasyev357c2052015-08-10 21:26:52 -0700[diff] [blame]20## Available dissection features
21
22- When UDP packet is fragmented, the dissection is performed after the full IP reassembly.
23 If the full reassembly is not possible (e.g., a wrong checksum or missing segments),
24 dissection is not performed.
25
26- When multiple NDN packets are part of a single UDP datagram, TCP segment, or WebSocket
27 payload, all NDN packets are dissected.
28
29- When a single NDN packet is scattered across multiple TCP segments or WebSocket
30 payloads, it is dissected after the successful reconstruction of the necessary portion
31 of the TCP stream. If the reconstruction of the necessary portion of the TCP stream is
32 not possible (e.g., missing segments), the dissection is not performed.
33
34- When an NDN packet is not aligned to the segment or payload boundary, the dissector
35 searches for any valid NDN packet within the segment using heuristics defined by the
36 following pseudocode:
37
38 for each offset in range (0, packet length)
39 type <- read TLV VarNumber from (buffer + offset)
40 length <- read TLV VarNumber from (buffer + offset + length of type field)
41
42 if type is either 5 or 6 // Type of NDN Interest of Data packet)
43 and length is less 8800 // Current (soft) limit for NDN packet size
44 then
45 dissect NDN packet from (buffer + offset)
46 end if
47
48Currently, the dissector does not support NDNLPv2 packets.
Alexander Afanasyev6fbb7b42015-08-10 11:53:49 -0700[diff] [blame]49
50## Usage
51
52By default, the dissector script `ndn.lua` is installed into `/usr/local/share/ndn-dissect-wireshark`.
53On some platforms, it may also be installed in `/usr/share/ndn-dissect-wireshark` or
54`/opt/local/share/ndn-dissect-wireshark`. To enable the dissector for Wireshark session,
55use `-X` command line option, specifying the full path to the `ndn.lua` script:
56
57 wireshark -X lua_script:/usr/local/share/ndn-dissect-wireshark/ndn.lua
58
59Similarly, NDN packets dissector can be enabled when using `tshark`:
60
61 tshark shark -X lua_script:/usr/local/share/ndn-dissect-wireshark/ndn.lua
62
63To enable NDN packets dissector for all future Wireshark sessions, you can create/edit
64Wireshark's `init.lua` script, which located in `/usr/share/wireshark`,
65`/usr/local/share/wireshark`, `/Applications/Wireshark.app/Contents/Resources/share/wireshark`,
66or similar location depending on the platform and the way Wireshark is installed. The
67`dofile` command should be added to the end of `init.lua` file:
68
69 -- dofile("/full/path/to/ndn.lua")
70 dofile("/usr/local/share/ndn-dissect-wireshark/ndn.lua")
71
72For more detailed information about how to use Lua refer to [Lua wiki](https://wiki.wireshark.org/Lua).
73
74## Known issues
75
76Due to security issues, customized lua scripts are not allowed to be loaded when Wireshark
77is started with root privileges. There are two workarounds:
78
79- run Wireshark, `dumpcap`, or `tcpdump` with root privileges to capture traffic to a file, later
80 running Wireshark without root privileges and to analyze the captured traffic.
81
82- (beware of potential security implications) allow non-root users to capture packets:
83
84 * On Linux platform, you can use `setcap`
85
86 sudo setcap cap_net_raw,cap_net_admin=eip /full/path/to/wireshark
87
88 You may need to install a package to use setcap (e.g., `sudo apt-get install libcap2-bin` on Ubuntu)
89
90 * On Debian/Ubuntu Linux, capturing traffic with Wireshark by a non-root user can be enabled by adding
91 this user to the `wireshark` group.
92
93 See [Wireshark Debian README](http://anonscm.debian.org/viewvc/collab-maint/ext-maint/wireshark/trunk/debian/README.Debian?view=markup)
94 for more details.
95
96 * On OSX platform, `/dev/bpf*` devices need to be assigned proper permissions
97
98 Automatically using ChmodBPF app
99
100 curl https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3373 -o ChmodBPF.tar.gz
101 tar zxvf ChmodBPF.tar.gz
102 open ChmodBPF/Install\ ChmodBPF.app
103
104 or manually:
105
106 sudo chgrp admin /dev/bpf*
107 sudo chmod g+rw /dev/bpf*