Wireshark with EPICS Channel Access Dissector

[Screenshot]   [V1.0.1]   [V1.0.0d]   [V1.0.0c]   [V1.0.0b]   [V1.0.0]   [Jan.19.2008]   [Dec.24.2007]   [Background]   [Bottom]

The EPICS Channel Access plugin for the popular Wireshark network analyzer provides convenient analysis of EPICS CA messages. It was planned at KEKB/Linac, and Klemen Zagar and Anze Zagar at Cosylab have implemented the analyser based on the original work by Ron Rechenmacher at Fermilab.

The CA plugin dissects all CA header fields, and the channel name is also tracked along the virtual circuit. Those fields and channel names can be specified in the filter expression to search the packets of particular interest. Slightly more detailed description is available.

Please send your bug reports and comments to Kazuro.Furukawa at KEK.jp.

Screen shot

Typical screen shot. Packets are captured for EPICS CA protocol with a capture filter of (port 5064 or port 5065). Then those event_add commands/responses are displayed with a display filter of (ca.cmd == CA_PROT_EVENT_ADD). The corresponding channel name is tracked and displayed.

V1.0.1, production version with Wireshark 0.99.8 or 0.99.7

by Klemen and Anze Zagar at CosyLab

CA plug-in source for wireshark
wireshark-ca-1.0.1.tar.gz

Patch against wireshark-0.99.8 and -0.99.7 for CA plug-in
wireshark-0.99.8-ca-1.0.1.patch
wireshark-0.99.7-ca-1.0.1.patch

Original Wireshark source
wireshark-0.99.8 source at wireshark.org, wireshark-0.99.8.tar.bz2 local copy
wireshark-0.99.7 source at wireshark.org, wireshark-0.99.7.tar.bz2 local copy

Build Memo for Unix
tar -xjf wireshark-0.99.8.tar.bz2
cd wireshark-0.99.8

# Extract CA plugin's source files.
tar -xzf ../wireshark-ca-1.0.1.tar.gz
# Apply patches required by CA plugin.
patch -b -p1 < ../wireshark-0.99.8-ca-1.0.1.patch

# Configure Wireshark build.
# NOTE: Configure might require additional packages to be installed
# on your system, e.g., libpcap-devel.
./autogen.sh |& tee ../wireshark-0.99.8-ca-make1.log
./configure --prefix=/usr/new --with-pcre=/sw | & tee ../wireshark-0.99.8-ca-make2.log

# Build Wireshark with CA plugin.
make | & tee ../wireshark-0.99.8-ca-make3.log
make check | & tee ../wireshark-0.99.8-ca-make4.log
sudo make install | & tee ../wireshark-0.99.8-ca-make5.log

# Alternatively, you can build just CA plugin.
cd plugins/ca
make

# Full binaries in the following section are created like this.
cd /usr/new
tar --newer=2008-03-13 -cjf ~/wireshark-ca-20080313-xxx.tar.bz2 .
CA plugin binaries for Unix

If you have wireshark installed, you can simply copy "ca.so" to your plugin directory such as "/usr/local/lib/wireshark/plugins/0.99.8/".

CA plugin binary for MacOSX-10.4 Darwin X86
ca.so, ca plugin.

CA plugin binary for MacOSX-10.4 Darwin PowerPC
ca.so, ca plugin.

CA plugin binary for Linux X86
ca.so, ca plugin built on Fedora Core 7.
ca-rhl9.so, ca plugin built on RedHat-9.

Installation
Copy the file ca.so to /usr/lib/wireshark/plugins or $HOME/.wireshark/plugins directory.

Wireshark binaries for Unix

Wireshark binary for MacOSX-10.4 Darwin X86
wireshark-0.99.8-ca-1.0.1-darwinx86.tar.bz2, full binary which needs fink gtk etc.
shared/dynamic library dependencies of wireshark executable
build log files

Wireshark binary for MacOSX-10.4 Darwin PowerPC
wireshark-0.99.8-ca-1.0.1-darwinppc.tar.bz2, full binary which needs fink gtk etc.
shared/dynamic library dependencies of wireshark executable
build log files

Wireshark binary for Linux X86
wireshark-0.99.7-ca-1.0.1-linuxx86.tar.bz2, full binary.
shared library dependencies of wireshark executable
build log files.
It was build on a RedHat-9/Linux-2.4/X86 system, it may run on any later version of Linux.
If you are brave enough to use above binary package, here is a hint.
mkdir /usr/new ; cd /usr/new
tar xjf .../wireshark-0.99.7-ca-1.0.1-linuxx86.tar.bz2
(on newer distributions, you may also need to do 
ln -s libpcap.so.0.8 /usr/lib/libpcap.so.0.6.2
or something like this.  It seems that the binary runs even on RHEL4.)

Build Memo for Windows
# Prepare the patched Wireshark source directory as described in the Unix section above. 
# You may need Cygwin tools.
# If you are using Visual Studio 2005, and you are building a redistributable binary, 
# change option /MD to /MT in file config.nmake, line 402. 
# Otherwise, a Visual Studio C library would be dynamically referenced.
# Build the Wireshark on Windows as described at the Wireshark web site.
# Then, build the plugin.
cd plugins/ca
nmake -f Makefile.nmake

CA plugin binaries for Windows

ca.dll, ca plugin.
Original wireshark binary

Installation
Copy the file ca.dll to plugins subdirectory of your Wireshark installation.

V1.0.0d, production version with Wireshark 0.99.8 or 0.99.7

by Klemen Zagar at CosyLab

CA plug-in source for wireshark
wireshark-ca-1.0.0d.tar.gz

Patch against wireshark-0.99.8 and -0.99.7 for CA plug-in
wireshark-0.99.8-ca-1.0.0.patch
wireshark-0.99.7-ca-1.0.0.patch

Original Wireshark source
wireshark-0.99.8 source at wireshark.org, wireshark-0.99.8.tar.bz2 local copy
wireshark-0.99.7 source at wireshark.org, wireshark-0.99.7.tar.bz2 local copy

Build Memo for Unix
tar -xjf wireshark-0.99.8.tar.bz2
cd wireshark-0.99.8

# Extract CA plugin's source files.
tar -xzf ../wireshark-ca-1.0.0d.tar.gz
# Apply patches required by CA plugin.
patch -b -p1 < ../wireshark-0.99.8-ca-1.0.0.patch

# Configure Wireshark build.
# NOTE: Configure might require additional packages to be installed
# on your system, e.g., libpcap-devel.
./autogen.sh |& tee ../wireshark-0.99.8-ca-make1.log
./configure --prefix=/usr/new --with-pcre=/sw | & tee ../wireshark-0.99.8-ca-make2.log

# Build Wireshark with CA plugin.
make | & tee ../wireshark-0.99.8-ca-make3.log
make check | & tee ../wireshark-0.99.8-ca-make4.log
sudo make install | & tee ../wireshark-0.99.8-ca-make5.log

# Alternatively, you can build just CA plugin.
cd plugins/ca
make

# Full binaries in the following section are created like this.
cd /usr/new
tar --newer=2008-03-13 -cjf ~/wireshark-ca-20080313-xxx.tar.bz2 .
CA plugin binaries for Unix

If you have wireshark installed, you can simply copy "ca.so" to your plugin directory such as "/usr/local/lib/wireshark/plugins/0.99.8/".

CA plugin binary for MacOSX-10.4 Darwin X86
ca.so, ca plugin.

CA plugin binary for MacOSX-10.4 Darwin PowerPC
ca.so, ca plugin.

CA plugin binary for Linux X86
ca.so, ca plugin built on RedHat-9.
fc-ca.so, ca plugin built on Fedora Core 7.

Installation
Copy the file ca.so to /usr/lib/wireshark/plugins or $HOME/.wireshark/plugins directory.

Build Memo for Windows
# Prepare the patched Wireshark source directory as described in the Unix section above. 
# You may need Cygwin tools.
# If you are using Visual Studio 2005, and you are building a redistributable binary, 
# change option /MD to /MT in file config.nmake, line 402. 
# Otherwise, a Visual Studio C library would be dynamically referenced.
# Build the Wireshark on Windows as described at the Wireshark web site.
# Then, build the plugin.
cd plugins/ca
nmake -f Makefile.nmake

V1.0.0c, production version with Wireshark 0.99.8 or 0.99.7

by Klemen Zagar at CosyLab

CA plug-in source for wireshark
wireshark-ca-1.0.0c.tar.gz

Patch against wireshark-0.99.8 and -0.99.7 for CA plug-in
wireshark-0.99.8-ca-1.0.0.patch
wireshark-0.99.7-ca-1.0.0.patch

Original Wireshark source
wireshark-0.99.8 source at wireshark.org, wireshark-0.99.8.tar.bz2 local copy
wireshark-0.99.7 source at wireshark.org, wireshark-0.99.7.tar.bz2 local copy

Build Memo for Unix
tar -xjf wireshark-0.99.8.tar.bz2
cd wireshark-0.99.8

# Extract CA plugin's source files.
tar -xzf ../wireshark-ca-1.0.0c.tar.gz
# Apply patches required by CA plugin.
patch -b -p1 < ../wireshark-0.99.8-ca-1.0.0.patch

# Configure Wireshark build.
# NOTE: Configure might require additional packages to be installed
# on your system, e.g., libpcap-devel.
./autogen.sh |& tee ../wireshark-0.99.8-ca-make1.log
./configure --prefix=/usr/new --with-pcre=/sw | & tee ../wireshark-0.99.8-ca-make2.log

# Build Wireshark with CA plugin.
make | & tee ../wireshark-0.99.8-ca-make3.log
make check | & tee ../wireshark-0.99.8-ca-make4.log
sudo make install | & tee ../wireshark-0.99.8-ca-make5.log

# Alternatively, you can build just CA plugin.
cd plugins/ca
make

# Full binaries in the following section are created like this.
cd /usr/new
tar --newer=2008-03-09 -cjf ~/wireshark-ca-20080309-xxx.tar.bz2 .
CA plugin binaries for Unix

If you have wireshark installed, you can simply copy "ca.so" to your plugin directory such as "/usr/local/lib/wireshark/plugins/0.99.8/".

CA plugin binary for MacOSX-10.4 Darwin X86
ca.so, ca plugin.

CA plugin binary for MacOSX-10.4 Darwin PowerPC
ca.so, ca plugin.

CA plugin binary for Linux X86
ca.so, ca plugin built on RedHat-9.
fc-ca.so, ca plugin built on Fedora Core 7.

Installation
Copy the file ca.so to /usr/lib/wireshark/plugins or $HOME/.wireshark/plugins directory.

Build Memo for Windows
# Prepare the patched Wireshark source directory as described in the Unix section above. 
# You may need Cygwin tools.
# If you are using Visual Studio 2005, and you are building a redistributable binary, 
# change option /MD to /MT in file config.nmake, line 402. 
# Otherwise, a Visual Studio C library would be dynamically referenced.
# Build the Wireshark on Windows as described at the Wireshark web site.
# Then, build the plugin.
cd plugins/ca
nmake -f Makefile.nmake

V1.0.0b, production version with Wireshark 0.99.8

by Klemen Zagar at CosyLab and Kazuro Furukawa at Kek

CA plug-in source for wireshark
wireshark-ca-1.0.0b.tar.gz

Patch against wireshark-0.99.8 for CA plug-in
wireshark-0.99.8-ca-1.0.0b.patch

Original Wireshark source
wireshark-0.99.8 source at wireshark.org, wireshark-0.99.8.tar.bz2 local copy

Build Memo for Unix
tar -xjf wireshark-0.99.8.tar.bz2
cd wireshark-0.99.8

# Extract CA plugin's source files.
tar -xzf ../wireshark-ca-1.0.0b.tar.gz
# Apply patches required by CA plugin.
patch -b -p1 < ../wireshark-0.99.8-ca-1.0.0b.patch

# Configure Wireshark build.
# NOTE: Configure might require additional packages to be installed
# on your system, e.g., libpcap-devel.
./autogen.sh |& tee ../wireshark-0.99.8-ca-make1.log
./configure --prefix=/usr/new --with-pcre=/sw | & tee ../wireshark-0.99.8-ca-make2.log

# Build Wireshark with CA plugin.
make | & tee ../wireshark-0.99.8-ca-make3.log
make check | & tee ../wireshark-0.99.8-ca-make4.log
sudo make install | & tee ../wireshark-0.99.8-ca-make5.log

# Alternatively, you can build just CA plugin.
cd plugins/ca
make

# Full binaries in the following section are created like this.
cd /usr/new
tar --newer=2008-03-09 -cjf ~/wireshark-ca-20080309-xxx.tar.bz2 .
CA plugin binaries for Unix

If you have wireshark installed, you can simply copy "ca.so" to your plugin directory such as "/usr/local/lib/wireshark/plugins/0.99.8/".

CA plugin binary for MacOSX-10.4 Darwin X86
ca.so, ca plugin.

CA plugin binary for MacOSX-10.4 Darwin PowerPC
ca.so, ca plugin.

CA plugin binary for Linux X86
ca.so, ca plugin built on RedHat-9.
fc-ca.so, ca plugin built on Fedora Core 7.

Installation
Copy the file ca.so to /usr/lib/wireshark/plugins or $HOME/.wireshark/plugins directory.

Build Memo for Windows
# Prepare the patched Wireshark source directory as described in the Unix section above. 
# You may need Cygwin tools.
# If you are using Visual Studio 2005, and you are building a redistributable binary, 
# change option /MD to /MT in file config.nmake, line 402. 
# Otherwise, a Visual Studio C library would be dynamically referenced.
# Build the Wireshark on Windows as described at the Wireshark web site.
# Then, build the plugin.
cd plugins/ca
nmake -f Makefile.nmake

CA plugin binaries for Windows

ca.dll, ca plugin.
Original wireshark binary

Installation
Copy the file ca.dll to plugins subdirectory of your Wireshark installation.

V1.0.0, third and production version on Feb.8.2008

by Klemen Zagar at CosyLab

CA plug-in source for wireshark
wireshark-ca-1.0.0.tar.gz

Patch against wireshark-0.99.7 for CA plug-in
wireshark-0.99.7-ca-1.0.0.patch

Original Wireshark source
wireshark-0.99.7 source at wireshark.org, wireshark-0.99.7.tar.bz2 local copy

Build Memo for Unix
tar -xjf wireshark-0.99.7.tar.bz2
cd wireshark-0.99.7

# Extract CA plugin's source files.
tar -xzf ../wireshark-ca-1.0.0.tar.gz
# Apply patches required by CA plugin.
patch -b -p1 < ../wireshark-0.99.7-ca-1.0.0.patch

# Configure Wireshark build.
# NOTE: Configure might require additional packages to be installed
# on your system, e.g., libpcap-devel.
./autogen.sh |& tee ../wireshark-0.99.7-ca-make1.log
./configure --prefix=/usr/new | & tee ../wireshark-0.99.7-ca-make2.log

# Build Wireshark with CA plugin.
make | & tee ../wireshark-0.99.7-ca-make3.log
make check | & tee ../wireshark-0.99.7-ca-make4.log
sudo make install | & tee ../wireshark-0.99.7-ca-make5.log

# Alternatively, you can build just CA plugin.
cd plugins/ca
make

# Full binaries in the following section are created like this.
cd /usr/new
tar --newer=2008-02-08 -cjf ~/wireshark-ca-20080208-xxx.tar.bz2 .
CA plugin binaries for Unix

If you have wireshark installed, you can simply copy "ca.so" to your plugin directory such as "/usr/local/lib/wireshark/plugins/0.99.7/".

CA plugin binary for MacOSX-10.4 Darwin X86
ca.so, ca plugin.

CA plugin binary for MacOSX-10.4 Darwin PowerPC
ca.so, ca plugin.

CA plugin binary for Linux X86
ca.so, ca plugin built on RedHat-9.
fc-ca.so, ca plugin built on Fedora Core 7.

Installation
Copy the file ca.so to /usr/lib/wireshark/plugins or $HOME/.wireshark/plugins directory.

Wireshark binaries for Unix

Wireshark binary for MacOSX-10.4 Darwin X86
wireshark-ca-20080208-darwinx86.tar.bz2, full binary which needs fink gtk etc.
shared/dynamic library dependencies of wireshark executable
build log files

Wireshark binary for MacOSX-10.4 Darwin PowerPC
wireshark-ca-20080208-darwinppc.tar.bz2, full binary which needs fink gtk etc.
shared/dynamic library dependencies of wireshark executable
build log files

Wireshark binary for Linux X86
wireshark-ca-20080208-linuxrh9.tar.bz2, full binary.
shared library dependencies of wireshark executable
build log files.
It was build on a RedHat-9/Linux-2.4/X86 system, it may run on any later version.
If you are brave enough to use above binary package, here is a hint.
mkdir /usr/new ; cd /usr/new
tar xjf .../wireshark-ca-20080208-linuxrh9.tar.bz2
(on newer distributions, you may also need to do 
ln -s libpcap.so.0.8 /usr/lib/libpcap.so.0.6.2
or something like this.  It seems that the binary runs even on RHEL4.)

Build Memo for Windows
# Prepare the patched Wireshark source directory as described in the Unix section above. 
# You may need Cygwin tools.
# If you are using Visual Studio 2005, and you are building a redistributable binary, 
# change option /MD to /MT in file config.nmake, line 402. 
# Otherwise, a Visual Studio C library would be dynamically referenced.
# Build the Wireshark on Windows as described at the Wireshark web site.
# Then, build the plugin.
cd plugins/ca
nmake -f Makefile.nmake

CA plugin binaries for Windows

ca.dll, ca plugin.
Original wireshark binary

Installation
Copy the file ca.dll to plugins subdirectory of your Wireshark installation.

Second version on Jan.19.2008

by Klemen Zagar at CosyLab

CA plug-in source for wireshark
ca-plugin.tar.gz

Patch against wireshark-0.99.7 for CA plug-in
wireshark-0.99.7-ca.patch

Original Wireshark source
wireshark-0.99.7 source at wireshark.org, wireshark-0.99.7.tar.bz2 local coopy

Build Memo
tar -xjf wireshark-0.99.7.tar.bz2
cd wireshark-0.99.7
tar -xzf ../ca-plugin.tar.gz
patch -b -p1 < ../wireshark-0.99.7-ca.patch
./autogen.sh |& tee ../wireshark-0.99.7-ca-make1.log
./configure --prefix=/usr/new | & tee ../wireshark-0.99.7-ca-make2.log
make | & tee ../wireshark-0.99.7-ca-make3.log
make check | & tee ../wireshark-0.99.7-ca-make4.log
sudo make install | & tee ../wireshark-0.99.7-ca-make5.log

cd /usr/new
tar --newer=2008-01-19 -cjf ~/wireshark-ca-20080119-xxx.tar.bz2 .
Wireshark binary for MacOSX-10.4 Darwin X86
ca.so.
wireshark-ca-20080119-darwinx86.tar.bz2, which needs fink gtk etc.
shared/dynamic library dependencies of wireshark executable
build log files

Wireshark binary for Linux X86
ca.so.
wireshark-ca-20080119-rh9.tar.bz2.
shared library dependencies of wireshark executable
build log files.
It was build on a RedHat-9/Linux-2.4/X86 system, it may run on any later version.
If you have wireshark installed, you can simply copy "ca.so" to your plugin directory such as "/usr/local/lib/wireshark/plugins/0.99.7/".
If you are brave enough to use above binary package, here is a hint.
mkdir /usr/new ; cd /usr/new
tar xjf .../wireshark-ca-20080119-rh9.tar.bz2
(on newer distributions, you may also need to do 
ln -s libpcap.so.0.8 /usr/lib/libpcap.so.0.6.2
or something like this.  It seems that the binary runs even on RHEL4.)

Initial version on Dec.24.2007

by Klemen Zagar at CosyLab

CA plug-in for wireshark
ca-plugin.tar.gz

Patch against wireshark-0.99.7 for CA plug-in
wireshark-0.99.7-ca.patch

Original Wireshark source
wireshark-0.99.7 source at wireshark.org, wireshark-0.99.7.tar.bz2 local coopy

ca.so binary for Linux 2.6
ca.so

Build Memo
tar -xjf wireshark-0.99.7.tar.bz2
cd wireshark-0.99.7
tar -xzf ../ca-plugin.tar.gz
patch -b -p1 < ../wireshark-0.99.7-ca.patch
./autogen.sh |& tee ../wireshark-0.99.7-ca-make1.log
./configure --prefix=/usr/new | & tee ../wireshark-0.99.7-ca-make2.log
make | & tee ../wireshark-0.99.7-ca-make3.log
make check | & tee ../wireshark-0.99.7-ca-make4.log
make install | & tee ../wireshark-0.99.7-ca-make5.log
sudo make install | & tee ../wireshark-0.99.7-ca-make6.log

cd /usr/new
tar --newer=2007-12-24 --exclude=\*lib/lv\* -czf ~/wireshark-ca-darwin-x86.tar.gz .
Wireshark binary for MacOSX-10.4 Darwin X86
wireshark-ca-darwin-x86.tar.gz, which needs fink gtk etc.
shared/dynamic library dependencies of wireshark executable
build log files

Wireshark binary for RH9 Linux-2.4 X86
wireshark-ca-rh9-x86.tar.gz.
shared library dependencies of wireshark executable
build log files

Background

Aug.2006. (tech-talk)
CA Sniffer by Ned Arnold etc.

Aug.2007.
Discussion with local companies on tcpdump extension for channel access analysis (without knowing the tech-talk discussion above, I should have searched tech-talk).

Oct.2007. (icalepcs2007)
Discussion with Bob Dalesio, Jeff Hill and Andrew Johnson. (sill without knowing the tech-talk discussion above). Bob suggested me to discuss with Cosylab. Mails were exchanged with Mark Plesko and Klemen Zagar at Cosylab. At first Java-based text oriented tool was considered.

Nov.2007. (tech-talk)
CA protocol dissector by Ron Rechenmacher. Initial implementation of CA plug-in for ethereal.

Nov.2007. (Ron's KEK visit)
Exchanged some more ideas with Ron at KEK. While my original intension was a text-based analyzer, Ron pointed out that the text-based command tshark is a part of wireshark.

Dec.2007.
Contract for wireshark CA plug-in with Cosylab, based on the development by Ron Rechenmacher.

Feb.2008.
CA plug-in version 1.0.0 for wireshark 0.99.7 with all CA protocol dissection.

Mar.2008.
CA plug-in version 1.0.0b,c,d for wireshark 0.99.8 with minor bug fixes.

Mar.2008.
CA plug-in version 1.0.1 for wireshark 0.99.8 with proper association of channel name to server/client/subscription ID.

Presentation at Shanghai EPICS Collaboration Meeting (Mar.2008)
Wireshark CA Plug-in - EPICS Channel Access Dissector

CA Protocol Specification (May.2004, Mar.2008)
Spec. at Cosylab

Wireshark Web
Web page and Source files

[Top]   [Screenshot]   [V1.0.1]   [V1.0.0d]   [V1.0.0c]   [V1.0.0b]   [V1.0.0]   [Jan.19.2008]   [Dec.24.2007]   [Background]  


[Please Comment on This Page]
Kazuro Furukawa <[email protected]>, Dec.25.2007-Mar.21.2008.
[ Linux ]   [ Darwin ]   [ Win32 ]   [ Tru64unix ]  
[ Main ]   [ Linac-Controls ]   [ KEKB-Controls ]   [ J-Parc-Controls ]   [ e-Linac-Ext ]   [ e-Linac-Int ]   [ KEKB ]   [ J-PARC ]   [ Accelerator ]   [ KEK ]   [ EPICS ]