Wireshark/tshark Plugin in C for RSocket.
NOTE: This is a work in progress.
Currently it supports all RSocket frames, except resumption.
- Download the Wireshark source code.
- Create an rsocket directory inside the wireshark/plugins/epan folder.
- Download/clone the source code from this repo into the rsocket folder.
- Inside the wireshark folder, create CMakeListsCustom.txt and add the line:
  set(CUSTOM_PLUGIN_SRC_DIR plugins/epan/rsocket)
- Follow the Wireshark build instructions for your OS setup.
- Copy the built rsocket.so to the Plugins folder of Wireshark. The location depends on the OS; on macOS it is typically ~/.config/wireshark/plugins or ~/.wireshark/plugins. You can see the location of the plugin folder by opening Wireshark and going to About -> Folders.
This code has been tested with the latest stable release of Wireshark (3.2.0).
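The staging and install steps above as shell functions, added here as an example and not part of this repository. The function names and their arguments are assumptions; the plugin folder argument is whatever About -> Folders reports. Staging stops if CMakeListsCustom.txt already sets CUSTOM_PLUGIN_SRC_DIR to something else, since a second set() line would silently replace the first.

```shell
#!/bin/sh
# Added example (not project code). Function names and arguments are assumed.
CUSTOM_LINE='set(CUSTOM_PLUGIN_SRC_DIR plugins/epan/rsocket)'

# stage_rsocket_plugin WIRESHARK_SRC PLUGIN_SRC
# Copies the plugin sources into plugins/epan/rsocket and registers the
# directory in CMakeListsCustom.txt. Safe to run more than once.
stage_rsocket_plugin() {
    ws_src=$1
    plugin_src=$2
    [ -f "$ws_src/CMakeLists.txt" ] || {
        echo "not a Wireshark source tree: $ws_src" >&2; return 1; }
    [ -d "$plugin_src" ] || {
        echo "plugin source directory not found: $plugin_src" >&2; return 1; }

    mkdir -p "$ws_src/plugins/epan/rsocket" || return 1
    cp -R "$plugin_src"/. "$ws_src/plugins/epan/rsocket/" || return 1

    custom="$ws_src/CMakeListsCustom.txt"
    if [ -f "$custom" ] && grep -q 'CUSTOM_PLUGIN_SRC_DIR' "$custom"; then
        # The variable is already set: accept only the exact line we need.
        grep -qxF "$CUSTOM_LINE" "$custom" || {
            echo "$custom already sets CUSTOM_PLUGIN_SRC_DIR;" \
                 "add plugins/epan/rsocket to that set() by hand" >&2
            return 2
        }
    else
        printf '%s\n' "$CUSTOM_LINE" >> "$custom"
    fi
}

# install_rsocket_plugin BUILD_DIR PLUGIN_DIR
# Finds the built rsocket.so under BUILD_DIR and copies it to PLUGIN_DIR.
install_rsocket_plugin() {
    build_dir=$1
    plugin_dir=$2
    so=$(find "$build_dir" -type f -name rsocket.so | head -n 1)
    [ -n "$so" ] || {
        echo "rsocket.so not found under $build_dir; build Wireshark first" >&2
        return 1
    }
    mkdir -p "$plugin_dir" && cp "$so" "$plugin_dir/"
}
```

Run stage_rsocket_plugin before the Wireshark build and install_rsocket_plugin after it.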
To enable the RSocket dissector in Wireshark, either:
- Change the TCP or WebSocket port in Edit -> Preferences -> RSocket.
- Or use the Analyze -> Decode As UI: add identifiers for your packet flow (say, the TCP port) and select RSocket as the decoding protocol (only available for raw TCP).