Wireshark for RTI Connext DDS

Wireshark is a network protocol analyzer. It allows you to look at all the packets in an RTI network and capture the ones you want. The graphical display shows packets as they arrive, dissects packet contents and graphs the output for easy analysis.

Uses include:

  • Seeing all the DDS traffic for a given time period
  • Watching the interaction between RTI Connext DDS and web services traffic

Download Wireshark

RTI is an active member of Wireshark's developer community, providing fixes and enhancements to Wireshark's RTPS dissector. These changes are integrated in the latest official release of Wireshark, which you can download from: https://www.wireshark.org/download.html.

Wireshark RTPS Dissector

Configuring Capture Filters

Capture filters boost performance and reduce memory consumption when analyzing RTPS traffic.

To add a new capture filter for RTPS traffic in Wireshark, go to Capture >> Capture Filters, click on the "+" button, and add the following expression:

icmp || (udp[8] & 0x52 == 0x52 && udp[9] & 0x54 == 0x54 && udp[10] & 0x50 == 0x50)

This will configure Wireshark to filter RTPS traffic over UDP (i.e., UDP traffic where the payload begins with "RTPS" or "RTPX") and ICMP traffic (good for debugging purposes).

Capture Filters

Note: To capture both standard RTPS messages and Connext DDS Default Domain Announcements, which begin with "RTPS" and "RTPX" respectively, the filter is actually configured to match payloads of UDP datagrams starting with "R" (0x52), "T" (0x54), "P" (0x50).
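The expression above tests each byte against a bit mask rather than comparing it for equality, so it also accepts payloads whose first three bytes merely have those bits set. The following added example (not RTI's or Wireshark's code) re-implements the expression in Python over constructed UDP segments; the helper names and sample payloads are assumptions made for illustration.

```python
import struct

# Masks taken from the capture filter on this page: 'R', 'T', 'P'.
MASKS = (0x52, 0x54, 0x50)

def udp_segment(payload: bytes, sport: int = 50000, dport: int = 7400) -> bytes:
    """Constructed UDP header (checksum 0) + payload; offsets match udp[n] in BPF."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def page_filter(udp: bytes) -> bool:
    """udp[8] & 0x52 == 0x52 && udp[9] & 0x54 == 0x54 && udp[10] & 0x50 == 0x50"""
    if len(udp) < 11:            # a load past the end of the packet fails the filter
        return False
    return all((udp[8 + i] & m) == m for i, m in enumerate(MASKS))

def exact_prefix(udp: bytes) -> bool:
    """Byte-for-byte check: payload starts with "RTPS" or "RTPX"."""
    return udp[8:12] in (b"RTPS", b"RTPX")

def extra_matches(payloads):
    """Payloads the mask filter captures although they are not RTPS/RTPX."""
    return [p for p in payloads
            if page_filter(udp_segment(p)) and not exact_prefix(udp_segment(p))]

# Constructed sample payloads (not captured traffic).
SAMPLES = [
    b"RTPS\x02\x03\x01\x01",   # prefix the page gives for standard RTPS messages
    b"RTPX\x02\x03\x01\x01",   # prefix the page gives for Default Domain Announcements
    b"SVp\x00data",            # 0x53, 0x56, 0x70: supersets of the mask bits
    b"\xff\xff\xff\xff",       # all bits set
    b"GET / HTTP/1.1",         # 'G' = 0x47 lacks bit 0x10, so it is rejected
    b"RT",                     # too short to hold three payload bytes
]

if __name__ == "__main__":
    for p in SAMPLES:
        seg = udp_segment(p)
        print(f"{p!r:32} mask={page_filter(seg)!s:5} exact={exact_prefix(seg)}")
```

If the extra matches matter, an exact comparison such as udp[8:2] == 0x5254 && udp[10] == 0x50 keeps both prefixes while dropping them; this is a suggested alternative, not a filter from the page.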

To enable the newly created capture filter, first select the network interface and then the capture filter by clicking the green icon (the network interface must be selected before the capture filter).

Capture Interfaces

If the filter is highlighted in green, it compiled successfully and will work. If there is an error, the filter is highlighted in red.

Configuring Wireshark to Highlight RTPS Packets

Wireshark provides custom coloring rules that can be configured in the Main Menu > View > Coloring rules. For instance, these are the ones provided by default:

We have two ways to modify these coloring rules.

Method 1. Modifying the Coloring rules manually in the GUI

In order to do this, we just need to add them manually in the window above. The result should be like this:

Method 2. Modifying the "colorfilters" file.

Ultimately, the coloring rules are stored in a file named "colorfilters". By default, this file can be found in:

  • Windows
    C:\Program Files (x86)\Wireshark\colorfilters

  • Linux
    It depends on the distribution. Typically, /usr/share/wireshark/colorfilters or /usr/local/share/wireshark/colorfilters

  • OSX
    /Applications/wireshark.app/Contents/Resources/share/wireshark/colorfilters

Although the content of this file says "DO NOT MODIFY", there is no risk in performing this change. We need to add this at the beginning of the file (after the comment):

# DO NOT EDIT THIS FILE!  It was created by Wireshark

@RTI TCP@rtitcp&&!rtps@[65535,65535,65535][23690,0,65535]
@NDDS Ping@udp[16-23] == "NDDSPING"@[65535,65535,65535][0,32639,1676]
@User traffic@(rtps.sm.wrEntityId.entityKind == 0x02) || (rtps.sm.wrEntityId.entityKind == 0x03)@[65535,65535,65535][43801,2639,5300]
@Meta traffic@(rtps.sm.wrEntityId.entityKind == 0xc2) || (rtps.sm.wrEntityId.entityKind == 0xc3)@[65535,65535,65535][7710,6930,44581]
@Non-RTPS traffic@!rtps@[65535,65535,65535][35939,35939,35939]

You can download the resulting file here if you prefer to simply replace your current one. Remove the .txt extension if you do so.

If you experience any issue when changing the coloring rules, please email support@rti.com.