Wireshark
Dan Barrett edited this page Feb 15, 2017
·
6 revisions
Check list of required packages and build instructions
The XIA team at Boston University has added support for XIA in the shipping version of Wireshark. In addition to the XIP header, it also decodes some of the protocols they have developed. Unfortunately, this shipping version doesn't support the the protocols in the CMU implementation of XIA.
We have an experimental version of Wireshark that includes support for the following additional information:
- XSP packets
- XDP packets
- XARP packets
- XCMP packets
- FID headers
sudo apt-get install autogen autoconf libtool libtool-bin bison byacc flex libpcap-dev libgtk-3-dev
git clone https://github.com/XIA-Project/wireshark cd wireshark git checkout xia
cd wireshark ./autogen.sh ./configure --with-dumpcap-group=wireshark --enable-setcap-install --with-libcap make make install
XIA Ethernet Protocols
- XIP 0xc0de
- XARP 0x9990
- Xnetj 0x9991
Using capture filters will help cut down overall packet trace size.
# all XIA related Traffic (ether proto 0xc0de) || (ether proto 0x9990) || (ether proto 0x9991) # XIA related traffic with broadcasts filtered out (ether proto 0xc0de) || (ether proto 0x9990) || (ether proto 0x9991) && !(ether dst ff:ff:ff:ff:ff:ff) # Just XIP and XARP with no broadcasts (most useful) (ether proto 0x9990) || ((ether proto 0xc0de) && !(ether dst ff:ff:ff:ff:ff:ff))
To trim down what is displayed in wireshark.
# all XIP and XARP packets xip && xarp # just streaming packets xstream # just datagram packets xdgram # just xcmp packets xcmp # to eliminate broadcast packets add the following to any of the other display filters && !(eth.dst == ff:ff:ff:ff:ff:ff)