[zeromq-dev] testing of tcpdump decoder of ZeroMQ wire protocol

Denis Ovsienko infrastation at yandex.ru
Fri Mar 15 12:20:37 CET 2013


Hello, list.

There are commits in the git master branch of the tcpdump packet analyzer adding support for the "tcp://" protocol schema of ZeroMQ (ZMTP/1.0 framing inside TCP segments produced by zeromq library version 2.x):
https://github.com/mcr/tcpdump

There are also additional commits (not yet merged into master) improving ZeroMQ coverage up to "pgm://" and "epgm://" protocol schemas (ZMTP/1.0 framing inside a ZeroMQ datagram inside [E]PGM packets produced by zeromq library versions 2.x and 3.x):
https://github.com/infrastation/tcpdump

Guido Goldstein has suggested that I request broader testing of this decoder on the zeromq-dev mailing list. To watch the new decoder in action it is necessary to compile the modified source code as follows:

git clone git://github.com/infrastation/tcpdump.git && cd tcpdump
./configure && make

The particular set of command-line flags depends on what is being decoded:

* "tcp://"
./tcpdump -ni eth0 -T zmtp1 tcp port 5555
(prepend "-v" to hex-dump up to the first 128 bytes of each frame, prepend "-v -v" to hex-dump all bytes of each frame)

* "pgm://"
./tcpdump -v -ni eth0 -T pgm_zmtp1 ip proto pgm
(same as above, except without "-v" the decoder doesn't get past PGM)

* "epgm://"
./tcpdump -v -ni eth0 -T pgm_zmtp1 udp port 5555
(same as above)

To make this code better, please test it on your live ZeroMQ packets and let me know if it doesn't work for a particular case. Please note that the ZMTP/2.0 framing used by zeromq library version 3.x for the "tcp://" schema is not supported by the current version of this decoder.

Thank you.

-- 
    Denis Ovsienko
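
Added example (not part of the original post and not the tcpdump decoder's code): a bounds-checked parser for ZMTP/1.0 frames, for cross-checking decoder output against captured bytes. It assumes the ZMTP/1.0 layout of a length field (one octet, or 0xFF plus eight big-endian octets) that counts the flags octet, followed by flags and body; the names zmtp1_frame and zmtp1_parse and both byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct zmtp1_frame {
    uint64_t body_len;    /* body octets declared on the wire */
    size_t body_avail;    /* body octets actually present in the capture */
    size_t consumed;      /* octets used from the buffer, header included */
    uint8_t flags;        /* bit 0 set: more message parts follow */
};

/* Returns 1 = frame decoded, 0 = header truncated, -1 = invalid length 0. */
int zmtp1_parse(const uint8_t *buf, size_t len, struct zmtp1_frame *f)
{
    size_t hdr = 1;                 /* short form: one length octet */
    if (len < 1) return 0;
    uint64_t flen = buf[0];
    if (buf[0] == 0xFF) {           /* long form: 0xFF + 8 octets, big-endian */
        if (len < 9) return 0;
        flen = 0;
        for (int i = 1; i <= 8; i++) flen = (flen << 8) | buf[i];
        hdr = 9;
    }
    if (flen == 0) return -1;       /* length counts the flags octet */
    if (len < hdr + 1) return 0;    /* flags octet not captured */
    f->flags = buf[hdr];
    f->body_len = flen - 1;
    /* Clamp to what was captured; the wire length is never added to a pointer. */
    f->body_avail = len - hdr - 1;
    if (f->body_len < f->body_avail) f->body_avail = (size_t)f->body_len;
    f->consumed = hdr + 1 + f->body_avail;
    return 1;
}

/* Constructed sample: anonymous identity frame, then parts "AB" (MORE) and "C". */
static const uint8_t sample[] = { 0x01, 0x00, 0x03, 0x01, 'A', 'B', 0x02, 0x00, 'C' };
/* Constructed hostile frame: claims 2^64-1 octets, only 2 body octets captured. */
static const uint8_t hostile[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 'x', 'y' };
int main(void)
{
    struct zmtp1_frame f;
    for (size_t off = 0; off < sizeof sample; off += f.consumed) {
        if (zmtp1_parse(sample + off, sizeof sample - off, &f) != 1) break;
        printf("flags=%02x body=%llu\n", f.flags, (unsigned long long)f.body_len);
    }
    if (zmtp1_parse(hostile, sizeof hostile, &f) == 1)
        printf("claimed=%llu captured=%zu\n", (unsigned long long)f.body_len, f.body_avail);
    return 0;
}
```

The declared length comes from the wire and the available length from the capture, so a decoder has to keep them separate when hex-dumping a frame body.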


