The Vortex OpenSplice DDS Wireshark plugin allows you to use the wireshark ‘dissector’ when using the RTNetworking network protocol. When used with the publicly available DDSI dissector users can watch and trace any Data Distribution Service (DDS) related packet that goes on the wire from your Vortex OpenSplice DDS-based system.
Vortex OpenSplice Wireshark thus allows users to inspect DDSI-RTPS and RTNetworking packets that are exchanged between nodes on your network.
OpenSplice DDS supports two different pluggable network services. These are:
- Standard DDSI2 (RTPS) protocol
- Proprietary native networking (RTNetworking) protocol
If you are using the standard DDSI2 (RTPS) protocol, wireshark already supports this in the RTPS2 plugin. In order to view packets sent with the proprietary native networking protocol you will need to use the Opensplice DDS wireshark plugin to dissect packet information.
Installing the Vortex OpenSplice DDS Wireshark Plugin
Note: Version 1.8.6 of the plugin is incompatible with Wireshark version 2.0.x or later. Previous Wireshark versions are available to download here.
The directory /opt/PrismTech/Vortex_v2/Device/VortexOpenSplice/X.X.X/HDE/x86_64.win64/tools/wireshark-plugins/ospl contains code that can be built as a plugin for wireshark, enabling OpenSplice packets to be decoded.
Building the plugin
The included makefiles are for RedHat 6 but will also work with Fedora 14+ and probably other linuxes or gcc-based unix like development environments with minor modifications.
The wireshark and glib header files and libraries must be available. On RedHat 6 systems these are provided by the wireshark-devel and glib2-devel packages.
Compiling the plugin
Choose an appropriate Makefile.defs.* file and rename it as Makfile.defs
Then running ‘make’ will build the shared library object. If this is placed in a .wireshark/plugins directory in the users home directory, it will be loaded at startup by wireshark.
*note – In some older versions of OpenSplice compiling the plugin may generate an error similar to “undefined symbol: proto_register_ospl“. This can be resolved by ensuring “packet-ospl.o” is included in the Makefile.
Acquiring the plugin
PrismTech no longer provide instructions on how to build the Wireshark Plugin on Windows. Instead, the plugin is available pre-built from the following links, distributed under the General Public License (GPL). You will need to create a PrismTech account in order to download these.
The plugin can still be built manually using the provided makefile, however this will be unsupported due to the complex setup requirements and procedures for building from source.
The plugin is built against Visual Studio 2010 and requires that the redist pack is installed prior to use, this has been provided in the redist folder of the plugin package.
Using theVortex OpenSplice DDS Wireshark Plugin
Installing the plugin
It may then be installed by copying packet-ospl.dll to %APPDATA%\Wireshark\Plugins (typically C:\Documents and Settings\username\Application Data\Wireshark\Plugins). You can find this path by echoing %APPDATA% at a command line.
Wireshark preferences and capture options
In order to receive fewer packets you can enable or disable protocols in the Analyze -> Enabled protocols menu. For example, you can enable only IP, Ethernet and UDP protocols.
In the Edit -> Preferences -> Protocols -> OSPL menu you can change the port numbers for OpenSplice packets. Default port numbers are 54100,54110,54120. You can also specify ranges like “54100-54120”.
In the Capture->Options menu you can :
- Disable “promiscuous mode” in order to get only packets sent to/from your machine.
- Choose “Stop capturing after … kilobytes”.
- Start capturing data.
These options are displayed for the default interface (eth2). In Capture -> Interfaces you can see the list of available interfaces and choose the right one (eth2).
If you restart wireshark the settings in Preferences -> Enabled Protocols are saved from the last run, but Capture -> Options are reset to default values.
Displayed data for OpenSplice packets
Info column (“Packet List” pane):
In the packet list there is a short description of the packet: control packet or data packet, flags, packet length, number of messages, packet number (if RELIABLE flag is set). If you select a packet in the packet list, its details are displayed in “Packet Details” pane.
Here you can sort packets by values in different columns.
Protocol tree (“Packet Details” pane)
In the protocol tree you can see the structure of the packet and the values of all protocol header fields. If you select a field in the protocol tree normally you can see the corresponding bytes in the “Packet Bytes” pane, and in the bottom panel you can see the field description.
In some cases an error message is displayed in the protocol tree, for example if message length is greater than the remaining packet length. If an OpenSplice packet is too short, only the flags field is displayed (packets shorter than 8 bytes are ignored).
During the capture (or after it) you can use the filter field in order to display only some special kinds of packets, for example:
ospl – display only OSPL packets
udp – only UDP packets (and not recognized as OpenSplice packets, for example if the port number is not specified in the preferences for OpenSplice protocol
ospl.fl_control == 1 – OSPL control packets
ospl.messages > 1 && ospl.error – OSPL packets containing multiple messages and with a dissector error
ospl && !ospl.error – OSPL packets without dissector errors
ospl_flags == 0xa – OSPL packets with flags = 0xa (RELIABLE and TERMINATOR)
In the bottom pane you can see how many packets are there and how many of them are displayed.
Field names in OpenSplice protocol which can be used for display filter:
ospl.snode (sending node id )
ospl.plength (packet length)
ospl.rnode (receiving node id)
ospl.partition (network partition id)
ospl.crc (crc checksum of the packet (optional))
ospl.messages (number of messages in the packet)
ospl.error (dissector error)
In data packets:
ospl.packet (packet number)
ospl.message (fragmented message number)
ospl.fragment (fragment number)
ospl.tmessage (terminating message number)
ospl.tfragment (terminating fragment number)
ospl.mlength (message length)
In control packets:
ospl.chstatus (channel status)
ospl.apartition (network partition id of acked messages)
ospl.astart (starting packet number of acked range)
ospl.aend (closing packet number of acked range)
Saving captured data
After capturing packets you can save the captured data in a file and reuse it. You can save all packets or only displayed (filtered) packets. Wireshark can also export captured data in xml format.