Wireshark with EPICS Channel Access Dissector


An EPICS Channel Access protocol analyzer (a CA packet monitor or sniffer) has long been considered desirable.

The EPICS Channel Access plugin for the popular Wireshark network analyzer provides convenient analysis of EPICS CA messages. It was planned at KEKB/Linac, and Klemen Zagar and Anze Zagar at Cosylab implemented the analyser based on the original work by Ron Rechenmacher at Fermilab.

The CA plugin dissects all CA header fields, and the channel name is also tracked along the virtual circuit, so that each message can be associated with the channel it belongs to. Those fields and channel names can be used in the display filter expression to find the packets of particular interest. A slightly more detailed description is available.

Please send your bug reports and comments to Kazuro.Furukawa at KEK.jp.

Screen shot

Typical screen shot. Packets are captured for the EPICS CA protocol with a capture filter of (port 5064 or port 5065). Then the event_add commands and responses are displayed with a display filter of (ca.cmd == CA_PROT_EVENT_ADD). The corresponding channel name is tracked and displayed.
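To make concrete what the dissector does with "all CA header fields" and how a channel name is "tracked along the virtual circuit", here is a small added example that is not part of this page or of the Wireshark CA plugin. It parses the 16-byte CA header (command, payload size, data type, data count, parameter 1, parameter 2) and the extended header, and follows the create_chan / event_add exchange so that a subscription ID can be mapped back to its channel name, the same association the plugin displays. The header layout and the command numbers CA_PROTO_CREATE_CHAN = 18 and CA_PROTO_EVENT_ADD = 1 are taken from the CA protocol specification linked under Background; every function name and the sample traffic are constructed here.

```python
"""Minimal EPICS Channel Access (CA) dissector with channel-name tracking.

Added example, not code from this page or from the Wireshark CA plugin.
Assumed from the CA protocol specification: the 16-byte big-endian header
(command, payload size, data type, data count, parameter 1, parameter 2),
the extended header, and the command numbers CA_PROTO_CREATE_CHAN = 18 and
CA_PROTO_EVENT_ADD = 1.  All function names and the sample traffic are
constructed for this example.
"""
import struct
from dataclasses import dataclass, field
from typing import Optional

CA_PROTO_EVENT_ADD = 1
CA_PROTO_CREATE_CHAN = 18
HEADER = struct.Struct(">HHHHII")  # standard CA header, 16 bytes


@dataclass
class CAMessage:
    command: int
    data_type: int
    data_count: int
    param1: int
    param2: int
    payload: bytes
    channel: Optional[str] = None  # filled in by CircuitTracker


def parse_messages(data: bytes) -> list:
    """Split one TCP segment (one direction of a virtual circuit) into CA messages."""
    msgs, off = [], 0
    while off + HEADER.size <= len(data):
        cmd, psize, dtype, dcount, p1, p2 = HEADER.unpack_from(data, off)
        off += HEADER.size
        # Extended header: size 0xFFFF with count 0 means the real 32-bit
        # payload size and count follow the standard header.
        if psize == 0xFFFF and dcount == 0:
            psize, dcount = struct.unpack_from(">II", data, off)
            off += 8
        payload = data[off:off + psize]
        if len(payload) != psize:
            raise ValueError("truncated CA message at offset %d" % off)
        off += psize
        msgs.append(CAMessage(cmd, dtype, dcount, p1, p2, payload))
    return msgs


@dataclass
class CircuitTracker:
    """Maps the three CA identifiers (CID, SID, subscription ID) back to a channel name."""
    by_cid: dict = field(default_factory=dict)
    by_sid: dict = field(default_factory=dict)
    by_subid: dict = field(default_factory=dict)

    def observe(self, msg: CAMessage, from_client: bool) -> None:
        if msg.command == CA_PROTO_CREATE_CHAN:
            if from_client:
                # Request: param1 = client channel ID (CID), payload = NUL-padded name.
                msg.channel = msg.payload.split(b"\0", 1)[0].decode("ascii")
                self.by_cid[msg.param1] = msg.channel
            else:
                # Response: param1 = CID, param2 = server channel ID (SID).
                msg.channel = self.by_cid.get(msg.param1)
                if msg.channel is not None:
                    self.by_sid[msg.param2] = msg.channel
        elif msg.command == CA_PROTO_EVENT_ADD:
            if from_client:
                # Request: param1 = SID, param2 = client-chosen subscription ID.
                msg.channel = self.by_sid.get(msg.param1)
                if msg.channel is not None:
                    self.by_subid[msg.param2] = msg.channel
            else:
                # Response: param1 = status, param2 = subscription ID.
                msg.channel = self.by_subid.get(msg.param2)


def dissect_circuit(packets) -> list:
    """packets: iterable of (from_client, bytes) in capture order."""
    tracker, out = CircuitTracker(), []
    for from_client, data in packets:
        for msg in parse_messages(data):
            tracker.observe(msg, from_client)
            out.append(msg)
    return out


def filter_by_command(msgs, command: int) -> list:
    """Equivalent of the display filter  ca.cmd == <command>."""
    return [m for m in msgs if m.command == command]


def build_message(cmd, dtype, dcount, p1, p2, payload=b"") -> bytes:
    """Pack a CA message; payloads are padded to a multiple of 8 bytes as CA requires."""
    payload += b"\0" * (-len(payload) % 8)
    return HEADER.pack(cmd, len(payload), dtype, dcount, p1, p2) + payload


# Constructed sample circuit: create a channel, then subscribe with event_add.
SAMPLE_PACKETS = [
    (True,  build_message(CA_PROTO_CREATE_CHAN, 0, 0, 7, 11, b"LINAC:BPM:X\0")),  # CID 7
    (False, build_message(CA_PROTO_CREATE_CHAN, 6, 1, 7, 0x2A)),      # DBR_DOUBLE, SID 0x2A
    (True,  build_message(CA_PROTO_EVENT_ADD, 6, 1, 0x2A, 3,
                          struct.pack(">fffH2x", 0, 0, 0, 1))),       # subscription ID 3
    (False, build_message(CA_PROTO_EVENT_ADD, 6, 1, 1, 3, struct.pack(">d", 1.25))),
]

if __name__ == "__main__":
    for m in filter_by_command(dissect_circuit(SAMPLE_PACKETS), CA_PROTO_EVENT_ADD):
        print(m.command, m.channel, m.param1, m.param2, m.payload.hex())
```

Run as a script it lists only the two event_add messages, each already labelled with the channel name LINAC:BPM:X even though that name never appears in their bytes; this is exactly why a dissector that keeps per-circuit state is needed to read a CA capture, and why the parser refuses a truncated message instead of silently reading past its payload.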

V1.0.3, minor-modified version for Wireshark 1.10.2 or later

by Ralph Lange.

CA plug-in source for wireshark
wireshark-ca-1.0.3.tar.bz2

Original Wireshark source
wireshark-1.10.2 source at wireshark.org, wireshark-1.10.2.tar.bz2 local copy

Build Memo for Unix
See below.
CA plugin binary for Linux X86_64
ca.so, ca plugin built on Debian with Wireshark 1.10.2.

Installation
Copy the file ca.so to /usr/lib/wireshark/plugins or $HOME/.wireshark/plugins directory.
Both the modified source code and the binary were contributed by Ralph Lange. (Thanks!)

V1.0.2, minor-modified version for Wireshark 1.4.6 or later

by K.F

CA plug-in source for wireshark
wireshark-ca-1.0.2.tar.bz2

Original Wireshark source
wireshark-1.4.6 source at wireshark.org, wireshark-1.4.6.tar.bz2 local copy

Build Memo for Unix
See below.
CA plugin binary for Linux X86_64
ca.so, ca plugin built on Scientific Linux 6 with Wireshark 1.2.15, contributed by Leonid Flaks. (Thanks!)

Installation
Copy the file ca.so to /usr/lib/wireshark/plugins or $HOME/.wireshark/plugins directory.

V1.0.1, production version with Wireshark 0.99.8 or 0.99.7

by Klemen and Anze Zagar at CosyLab

CA plug-in source for wireshark
wireshark-ca-1.0.1.tar.gz

Patch against wireshark-0.99.8 and -0.99.7 for CA plug-in
wireshark-0.99.8-ca-1.0.1.patch
wireshark-0.99.7-ca-1.0.1.patch

Original Wireshark source
wireshark-0.99.8 source at wireshark.org, wireshark-0.99.8.tar.bz2 local copy
wireshark-0.99.7 source at wireshark.org, wireshark-0.99.7.tar.bz2 local copy

Build Memo for Unix
tar -xjf wireshark-0.99.8.tar.bz2
cd wireshark-0.99.8

# Extract CA plugin's source files.
tar -xzf ../wireshark-ca-1.0.1.tar.gz
# Apply patches required by CA plugin.
patch -b -p1 < ../wireshark-0.99.8-ca-1.0.1.patch

# Configure Wireshark build.
# NOTE: Configure might require additional packages to be installed
# on your system, e.g., libpcap-devel.
# "|&" pipes both stdout and stderr into tee (csh syntax; also accepted by bash 4 or later).
./autogen.sh |& tee ../wireshark-0.99.8-ca-make1.log
./configure --prefix=/usr/new --with-pcre=/sw |& tee ../wireshark-0.99.8-ca-make2.log

# Build Wireshark with CA plugin.
make |& tee ../wireshark-0.99.8-ca-make3.log
make check |& tee ../wireshark-0.99.8-ca-make4.log
sudo make install |& tee ../wireshark-0.99.8-ca-make5.log

# Alternatively, you can build just CA plugin.
cd plugins/ca
make

# Full binaries in the following section are created like this.
cd /usr/new
tar --newer=2008-03-13 -cjf ~/wireshark-ca-20080313-xxx.tar.bz2 .

CA plugin binaries for Unix

If you have wireshark installed, you can simply copy "ca.so" to your plugin directory such as "/usr/local/lib/wireshark/plugins/0.99.8/".

CA plugin binary for MacOSX-10.4 Darwin X86
ca.so, ca plugin.

CA plugin binary for MacOSX-10.4 Darwin PowerPC
ca.so, ca plugin.

CA plugin binary for Linux X86
ca.so, ca plugin built on Fedora Core 7.
ca-rhl9.so, ca plugin built on RedHat-9.

CA plugin binary for Linux X86_64
ca.so, ca plugin built on Debian (GLIBC_2.2.5) with Wireshark 1.6.1, contributed by Ralph Lange. (Thanks!)

Installation
Copy the file ca.so to /usr/lib/wireshark/plugins or $HOME/.wireshark/plugins directory.

Wireshark binaries for Unix

Wireshark binary for MacOSX-10.4 Darwin X86
wireshark-0.99.8-ca-1.0.1-darwinx86.tar.bz2, full binary which needs fink gtk etc.
shared/dynamic library dependencies of wireshark executable
build log files

Wireshark binary for MacOSX-10.4 Darwin PowerPC
wireshark-0.99.8-ca-1.0.1-darwinppc.tar.bz2, full binary which needs fink gtk etc.
shared/dynamic library dependencies of wireshark executable
build log files

Wireshark binary for Linux X86
wireshark-0.99.7-ca-1.0.1-linuxx86.tar.bz2, full binary.
shared library dependencies of wireshark executable
build log files.
It was built on a RedHat-9/Linux-2.4/X86 system; it may run on any later version of Linux.
If you are brave enough to use the above binary package, here is a hint.
mkdir /usr/new ; cd /usr/new
tar xjf .../wireshark-0.99.7-ca-1.0.1-linuxx86.tar.bz2
(On newer distributions you may also need something like
ln -s libpcap.so.0.8 /usr/lib/libpcap.so.0.6.2
It seems that the binary runs even on RHEL4.)

Build Memo for Windows
# Prepare the patched Wireshark source directory as described in the Unix section above. 
# You may need Cygwin tools.
# If you are using Visual Studio 2005, and you are building a redistributable binary, 
# change option /MD to /MT in file config.nmake, line 402. 
# Otherwise, a Visual Studio C library would be dynamically referenced.
# Build the Wireshark on Windows as described at the Wireshark web site.
# Then, build the plugin.
cd plugins/ca
nmake -f Makefile.nmake

CA plugin binaries for Windows

ca.dll, ca plugin.
Original wireshark binary

Installation
Copy the file ca.dll to plugins subdirectory of your Wireshark installation.

Older Versions

V1.0.0d, V1.0.0c, V1.0.0b
Minor bug fixes and modifications for Wireshark-0.99.8, by A.Z, K.Z and K.F.

V1.0.0
Most of the features were implemented for Wireshark-0.99.7, by A.Z and K.Z.

Jan.19.2008, Dec.24.2007
Ron's plug-in framework was ported to Wireshark, and basic features were confirmed.

Background

Aug.2006. (tech-talk)
CA Sniffer by Ned Arnold etc.

Aug.2007.
Discussion with local companies on a tcpdump extension for channel access analysis (without knowing the tech-talk discussion above; I should have searched tech-talk).

Oct.2007. (icalepcs2007)
Discussion with Bob Dalesio, Jeff Hill and Andrew Johnson (still without knowing the tech-talk discussion above). Bob suggested that I discuss it with Cosylab. Mails were exchanged with Mark Plesko and Klemen Zagar at Cosylab. At first a Java-based, text-oriented tool was considered.

Nov.2007. (tech-talk)
CA protocol dissector by Ron Rechenmacher. Initial implementation of CA plug-in for ethereal.

Nov.2007. (Ron's KEK visit)
Exchanged some more ideas with Ron at KEK. While my original intention was a text-based analyzer, Ron pointed out that the text-based command tshark is a part of Wireshark.

Dec.2007.
Contract for wireshark CA plug-in with Cosylab, based on the development by Ron Rechenmacher.

Feb.2008.
CA plug-in version 1.0.0 for wireshark 0.99.7 with all CA protocol dissection.

Mar.2008.
CA plug-in version 1.0.0b,c,d for wireshark 0.99.8 with minor bug fixes.

Mar.2008.
CA plug-in version 1.0.1 for wireshark 0.99.8 with proper association of channel name to server/client/subscription ID.

Presentation at Shanghai EPICS Collaboration Meeting (Mar.2008)
Wireshark CA Plug-in - EPICS Channel Access Dissector (Masanori Satoh, Kazuro Furukawa)

Paper and Poster at PCaPAC2008 (Oct.2008)
Network Analyser for the EPICS Channel Access Protocol [Poster], [Paper] (Klemen Zagar, Anze Zagar, Kazuro Furukawa, Ron Rechenmacher)

CA Protocol Specification (May.2004, Mar.2008)
Spec. at Cosylab

Wireshark Web
Web page and Source files



Kazuro Furukawa <[email protected]>, Dec.25.2007-Oct.26.2013.