Wireshark for RTI Connext DDS
Wireshark is a network protocol analyzer. It allows you to look at all the packets in an RTI network and capture the ones you want. The graphical display shows packets as they arrive, dissects packet contents and graphs the output for easy analysis.
Uses include:
- Seeing all the DDS traffic for a given time period.
- Watching the interaction between RTI Connext DDS and other traffic.
- Plotting I/O graphs in order to view and compare bandwidth utilization of different types of traffic.
- Debugging network problems.
Download Wireshark
RTI is an active member of Wireshark's developer community, providing fixes and enhancements to Wireshark's RTPS dissector. These changes are integrated in the latest official release of Wireshark, which you can download from: https://www.wireshark.org/download.html. The guide, Using Wireshark with Connext DDS, can help you understand how to use Wireshark with RTI Connext DDS systems.
Configuring Wireshark to Highlight RTPS Packets
Wireshark provides custom coloring rules that can be configured in the Main Menu > View > Coloring rules. For instance, these are the ones provided by default:
We have two ways to modify these coloring rules.
Method 1. Importing the filters file through the GUI
In order to do this, we just need to add them manually in the window above. The result should be like this:
Method 2. Modifying the "colorfilters" file.
At the end, the content is recorded in a file named "colorfilters". By default, this file can be found in:
- Windows
C:\Program Files (x86)Wireshark\colorfilters - Linux
It depends on the distribution. Typically, /usr/share/wireshark/colorfilters or /usr/local/share/wireshark/colorfilters - OSX
/Applications/wireshark.app/Contents/Resources/share/wireshark/colorfilters
Although the content of this file says "DO NOT MODIFY", there is no risk in performing this change. We need to add this at the beginning of the file (after the comment):
# DO NOT EDIT THIS FILE! It was created by Wireshark @RTI TCP@rtitcp&&!rtps@[65535,65535,65535][23690,0,65535] @NDDS Ping@udp[16-23] == "NDDSPING"@[65535,65535,65535][0,32639,1676] @User traffic@(rtps.sm.wrEntityId.entityKind == 0x02) || (rtps.sm.wrEntityId.entityKind == 0x03)@[65535,65535,65535][43801,2639,5300] @Meta traffic@(rtps.sm.wrEntityId.entityKind == 0xc2) || (rtps.sm.wrEntityId.entityKind == 0xc3)@[65535,65535,65535][7710,6930,44581] @Non-RTPS traffic@!rtps@[65535,65535,65535][35939,35939,35939]
You can download here the resulting file in case you prefer to simply replace your current one. Remove the .txt extension if you do so.
If you experience any issue when changing the coloring rules, please email support@rti.com.
Capturing User Data Traffic
By default, RTI Connext enables the shared memory transport alongside UDP. When two DomainParticipants run on the same host, they typically communicate over shared memory. Because shared memory traffic does not pass through a network interface, Wireshark and Tshark cannot capture it. Discovery traffic (multicast UDP) may be visible in your capture, but user data may still be absent.
To capture user data traffic with Wireshark, you have two options:
Option 1: Disable the shared memory transport
Add the following snippet to your QoS XML configuration to force all communication onto UDP:
<domain_participant_qos>
<transport_builtin>
<mask>UDPv4</mask>
</transport_builtin>
</domain_participant_qos>
Note: Remember to remove this setting when you are done debugging because shared memory provides significantly better performance for same-host communication.
Option 2: Use RTI Connext Network Capture
Connext includes a built-in Network Capture feature that can capture traffic on all transports, including shared memory. When enabled, each DomainParticipant generates a pcap file that can be opened in Wireshark. See the Network Capture chapter in the RTI Connext Core Libraries User's Manual.
For more detailed information, see Using Wireshark with RTI Connext Systems.