How to take a network capture using Wireshark


Wireshark is a free and open source packet analyzer that can be used to look at DDS traffic when debugging an issue. Sometimes RTI’s Support team will ask for a network capture when working to resolve an issue reported by a customer. While we have a more comprehensive Using Wireshark with RTI Connext Systems guide available, this article simply details how to most effectively capture all the network traffic that you or our Support team will need to debug an issue. Please read through each of the sections below before sending a capture to our Support team:


  1. Disable SHMEM transport 

DDS traffic on the shared memory transport cannot be captured by Wireshark. If multiple participants on the same machine are relying on shared memory to communicate, then the shared memory transport must be disabled so this traffic goes over the UDPv4 transport on the loopback interface (lo or lo0 on most machines). Shared memory is enabled by default, so it must be disabled with the following QoS snippet:

        <!-- inside <transport_builtin> in the participant QoS: set mask to only use UDPv4 -->
        <mask>UDPv4</mask>


  2. Set up Wireshark to capture on all interfaces

Before starting a network capture, make sure traffic is being captured on every interface in use on the machine where the capture is taken. When Wireshark opens, it shows a list of the interfaces available for capture. Shift-click to select multiple interfaces.

Although user data won’t be sent over every found interface, participant discovery traffic (DATA(p) packets) will be sent over all interfaces. It’s best to capture traffic on all available interfaces so no traffic is missed. 


  3. Start capture before application start

If possible, the network capture should be started prior to starting all DDS applications in the system. On application start, discovery traffic (DATA(p), DATA(r), and DATA(w) packets) is sent out to start communication between all applications. Wireshark’s packet dissector uses data in the discovery traffic, specifically DATA(r) and DATA(w) packets, to dissect user data packets that are sent over the wire. If the capture is started after this information is sent, then user data will not be dissected fully. This is not necessarily a deal breaker: customers sometimes find themselves in a situation where a capture needs to be taken in the middle of their applications’ runtimes. However, it is best to capture all available data when possible, as this saves time during the debugging process.
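
One way to check a saved capture for the discovery traffic described in step 3 before sending it (an added example, not RTI's code). It assumes a classic microsecond pcap file, finds each RTPS message by searching the frame for the `RTPS` magic, and classifies DATA submessages by the built-in writer entity IDs from the RTPS specification; the function names are hypothetical.

```python
import struct
import sys

DISCOVERY = {bytes.fromhex("000100c2"): "DATA(p)",  # built-in participant writer
             bytes.fromhex("000003c2"): "DATA(w)",  # built-in publications writer
             bytes.fromhex("000004c2"): "DATA(r)"}  # built-in subscriptions writer
DATA, PAD, INFO_TS = 0x15, 0x01, 0x09               # RTPS submessage ids
PCAP_MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # file byte order


def data_kinds(rtps):
    """Yield a label for every DATA submessage in one RTPS message."""
    pos = 20  # skip the RTPS header: magic, version, vendor id, GUID prefix
    while pos + 4 <= len(rtps):
        sub_id, flags = rtps[pos], rtps[pos + 1]
        (length,) = struct.unpack_from("<H" if flags & 1 else ">H", rtps, pos + 2)
        if sub_id == DATA and pos + 16 <= len(rtps):
            wid = rtps[pos + 12:pos + 16]  # after extraFlags, octetsToInlineQos, readerId
            yield DISCOVERY.get(wid) or ("user DATA" if wid[3] in (2, 3) else "other")
        if length == 0 and sub_id not in (PAD, INFO_TS):
            break  # a zero length here means "runs to the end of the message"
        pos += 4 + length


def first_seen(pcap):
    """Map each DATA kind to the index of the first frame that carries it."""
    endian = PCAP_MAGIC.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file; convert pcapng first")
    seen, pos, index = {}, 24, 0  # records start after the 24-byte global header
    while pos + 16 <= len(pcap):
        (incl_len,) = struct.unpack_from(endian + "I", pcap, pos + 8)
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        start = frame.find(b"RTPS")  # assumption: first "RTPS" marks the message
        for kind in data_kinds(frame[start:]) if start >= 0 else ():
            seen.setdefault(kind, index)
        index += 1
    return seen


def late_or_missing(seen):
    """Discovery kinds that never appear or first appear after user data."""
    user = seen.get("user DATA")
    return [k for k in ("DATA(p)", "DATA(w)", "DATA(r)")
            if k not in seen or (user is not None and seen[k] > user)]


if __name__ == "__main__" and len(sys.argv) > 1:
    print(late_or_missing(first_seen(open(sys.argv[1], "rb").read())))
```

Wireshark saves pcapng by default; `editcap -F pcap capture.pcapng capture.pcap` converts it first. An empty list means every discovery kind was captured before the first user data; a listed DATA(r) or DATA(w) can still be legitimate when no application in the system creates that kind of endpoint.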