Configuring Wireshark to Quickly Analyze RTI Connext Traffic

Wireshark is an essential tool for optimizing and debugging RTI Connext but can be extremely intimidating to someone who is not familiar with Wireshark or who is not familiar with analyzing DDS/RTPS traffic in Wireshark.  The goal of this post is to provide you with tools, techniques, and links to additional resources that will accelerate your ability to analyze DDS traffic. 

It is very important to start your packet capture before starting your DDS applications so that you can capture all discovery information, which makes analysis in Wireshark substantially easier.  If you don't start the capture prior to starting your DDS applications, you can use a tool like RTI DDS Spy to manually trigger discovery traffic and Wireshark will be able to retroactively apply the necessary discovery metadata in post-processing.

Tools and Configuration

• Color Rules: Color rules are the first item you should configure to successfully analyze PCAPs.  This allows you very quickly visually differentiate discovery traffic from user data traffic.
• Display Filters: Display filters help you quickly find the needle in the haystack when searching through seemingly endless frames in a PCAP.  
• Dissect User Data: If you share type info during discovery, Wireshark is able to dissect the embedded traffic, although this is not enabled by default.  See the example below: 

The zip file attached below is pre-configured with both the color rules, display filters, and non-default preferences required for analyzing DDS traffic in a PCAP.  You can add this profile to Wireshark by selecting Edit >> Configuration Profiles and at the bottom of the window, select Import >> From Zip File...

Techniques

• Display Filter Strategies: Display filters are essential to reduce the visable frames, and the profile above will provide you the necessary display filters for analyzing the PCAP.  A few examples of how to apply display filters:
• If you want to find all participant discovery traffic, you would simply select Discovery>>DATA(p) for the resulting filter of  rtps.sm.wrEntityId == 0x000100c2.
• If you want to identify all piggyback heartbeats of your user data, you would select: DATA and Submessages>>HEARTBEAT and Submessages>>DATA for a resulting filter of  (((rtps.sm.wrEntityId.entityKind == 0x02) || (rtps.sm.wrEntityId.entityKind == 0x03)) && (rtps.sm.id == 0x07)) && (rtps.sm.id == 0x15).

Note that you can right-click on any of these pre-defined filters and chain them together first by selecting Apply as Filter or Prepare as Filter and then selecting the the boolean logic you wish to use to apply the filter.  Apply as Filter applies the filter immediately, whereas Prepare as Filter allows you to chain multiple filters together before the filter is applied.  When working with large PCAP files, Prepare as Filter is preferred to prevent extended processing time to apply the filter every time it changes.

• Colorize with Filter: A common challenge when analyzing PCAPs is identify and segment traffic from one participant versus another.  Wireshark has a very useful feature to visual different participants in the PCAP called Colorize with Filter.  You can select any property in a frame, right click, select Colorize with Filter and then select a color.  After applying the color filter to one participant GUID, you can apply a different color filter to a different participant.  The screenshot below shows the color filter being applied to  rtps.guidPrefix.src to differentiate between participants.  For another common case, your could filter on  rtps.guid to colorize all frames from a specific writer.

Additional Resources

• DDS Protocols Training: Understanding the Discovery and Reliability protocols are essential for debugging and optimizing DDS traffic with Wireshark.  RTI's Academy training on the discovery and reliability protocols will help you gain the required knowledge for analyzing PCAPs.
• Additional Wireshark Training in RTI Academy
• Wirechart: Wirechart is a Python application that will read in PCAP(NG) files, analyze the DDS traffic, and provide charts and graphs to help you optimize your RTI Connext applications.
• RTI Services Engineers: RTI services engineers are an excellent resource to help you analyze your PCAP files and provide further guidance on searching your PCAP or identifying opportunities for optimization.