[zeromq-dev] testing of tcpdump decoder of ZeroMQ wire protocol
Denis Ovsienko
infrastation at yandex.ru
Fri Mar 15 12:20:37 CET 2013
Hello, list.
There are commits in the git master branch of the tcpdump packet analyzer adding support for the "tcp://" protocol schema of ZeroMQ (ZMTP/1.0 framing inside TCP segments produced by zeromq library version 2.x):
https://github.com/mcr/tcpdump
There are also additional commits (not yet merged into master) improving ZeroMQ coverage up to "pgm://" and "epgm://" protocol schemas (ZMTP/1.0 framing inside a ZeroMQ datagram inside [E]PGM packets produced by zeromq library versions 2.x and 3.x):
https://github.com/infrastation/tcpdump
Guido Goldstein has suggested that I request broader testing of this decoder on the zeromq-dev mailing list. To watch the new decoder in action it is necessary to compile the modified source code as follows:
git clone git://github.com/infrastation/tcpdump.git && cd tcpdump
./configure && make
The particular set of command-line flags depends on what is being decoded:
* "tcp://"
./tcpdump -ni eth0 -T zmtp1 tcp port 5555
(prepend "-v" to hex-dump up to the first 128 bytes of each frame, prepend "-v -v" to hex-dump all bytes of each frame)
* "pgm://"
./tcpdump -v -ni eth0 -T pgm_zmtp1 ip proto pgm
(same as above, except without "-v" the decoder doesn't get past PGM)
* "epgm://"
./tcpdump -v -ni eth0 -T pgm_zmtp1 udp port 5555
(same as above)
To make this code better, please test it on your live ZeroMQ packets and let me know if it doesn't work for a particular case. Please note that the ZMTP/2.0 framing used by zeromq library version 3.x for "tcp://" schema is not supported by the current version of this decoder.
Thank you.
--
Denis Ovsienko
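
For cross-checking the decoder's output on a reassembled "tcp://" payload, the following Python parser splits a byte stream into ZMTP/1.0 frames. It is an added example, not part of the original post and not tcpdump's code; the function name, the max_frame cap and the sample bytes are assumptions made for this example.

```python
import struct

class ZMTP1Error(ValueError):
    """The bytes cannot be ZMTP/1.0 framing."""

def parse_zmtp1(stream, max_frame=1 << 20):
    """Split a reassembled TCP payload into ZMTP/1.0 frames.

    Returns (frames, leftover): frames is a list of (more, body) tuples and
    leftover is the start of a frame whose remaining bytes have not arrived.
    max_frame is this example's own cap, not part of the protocol.
    """
    frames, pos = [], 0
    while pos < len(stream):
        start = pos
        length = stream[pos]          # 1-octet length, or the 0xFF escape
        pos += 1
        if length == 0xFF:            # 8-octet network-order length follows
            if len(stream) - pos < 8:
                return frames, stream[start:]
            (length,) = struct.unpack_from("!Q", stream, pos)
            pos += 8
        # The length counts the flags octet, so zero is never valid.
        if length == 0:
            raise ZMTP1Error(f"zero length at offset {start}")
        if length > max_frame:
            raise ZMTP1Error(f"length {length} over cap at offset {start}")
        if pos == len(stream):
            return frames, stream[start:]
        flags = stream[pos]
        if flags & 0xFE:              # only bit 0 (MORE) is defined
            raise ZMTP1Error(f"reserved flag bits 0x{flags:02x} at offset {start}")
        if len(stream) - pos < length:
            return frames, stream[start:]
        frames.append((bool(flags & 1), stream[pos + 1:pos + length]))
        pos += length
    return frames, b""

# Constructed sample stream, not taken from a real capture.
SAMPLE = (
    b"\x01\x00"                    # anonymous identity frame (empty body)
    b"\x06\x01hello"               # first message part, MORE set
    b"\x06\x00world"               # final message part
    b"\xff" + struct.pack("!Q", 301) + b"\x00" + b"A" * 300   # long form
    + b"\x04\x00ab"                # truncated: one body byte still missing
)
```

Feed the leftover bytes back in, prepended to the next segment's payload, when following a live connection.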