Channel Access Plugin for Wireshark

The EPICS Channel Access plugin for the popular Wireshark network analyzer makes it convenient to analyze CA protocol messages.

Download

Usage

First, download the binary and install it in Wireshark. Alternatively, build the binary from the sources yourself if a pre-built binary for your platform is not available.

Then, start Wireshark normally and capture network traffic containing CA messages or open a trace file that contains CA messages.

All header fields are dissected. Of particular interest is the field ca.channel which contains the name of the EPICS channel. This field is present on all packets of a virtual channel and is useful for filtering all traffic related to a given channel. You may also use wildcards for the channel name, e.g. with a filter such as:

ca.channel matches "LI.*:BTELE.*:MA"

Here, dot matches a single char, and an asterisk matches 0, two or more characters (but not 1 character; to match 1 or more, use .*).
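As an added illustration (not code from the plugin or from this page), the Python sketch below shows one way a channel name can be tied to later messages that carry only channel IDs, which is what makes a per-packet field like ca.channel possible. The 16-byte header layout and the command numbers follow the published CA protocol specification; the helper names, channel names and IDs are constructed, and Python's re module stands in for the display filter's matches operator.

```python
import re
import struct

# CA header, big-endian: command, payload size, data type, data count, param1, param2
HDR = struct.Struct(">HHHHII")
CA_PROTO_READ_NOTIFY, CA_PROTO_CREATE_CHAN = 15, 18

def parse_messages(buf):
    """Yield (command, param1, param2, payload) for each CA message in buf."""
    off = 0
    while off < len(buf):
        if len(buf) - off < HDR.size:
            raise ValueError("truncated header")
        cmd, size, _dtype, _count, p1, p2 = HDR.unpack_from(buf, off)
        off += HDR.size
        if size == 0xFFFF or off + size > len(buf):
            raise ValueError("extended header or truncated payload: not handled here")
        yield cmd, p1, p2, buf[off:off + size]
        off += size

def label_channels(frames):
    """frames: [(from_client, bytes)] of one TCP connection; returns [(command, name or None)]."""
    by_cid, by_sid, out = {}, {}, []
    for from_client, data in frames:
        for cmd, p1, p2, payload in parse_messages(data):
            name = None
            if cmd == CA_PROTO_CREATE_CHAN and from_client:
                # Request: param1 = client channel ID, payload = channel name.
                name = by_cid[p1] = payload.split(b"\0", 1)[0].decode("ascii", "replace")
            elif cmd == CA_PROTO_CREATE_CHAN:
                # Response: param1 = client channel ID, param2 = server channel ID.
                name = by_sid[p2] = by_cid.get(p1)
            elif cmd == CA_PROTO_READ_NOTIFY and from_client:
                name = by_sid.get(p1)  # Request carries only the server channel ID.
            out.append((cmd, name))
    return out

def ca_msg(cmd, p1, p2, name=b"", dtype=0, count=0):
    """Build one constructed CA message; a name is NUL-terminated and padded to 8 bytes."""
    payload = name + b"\0" * (8 - len(name) % 8) if name else b""
    return HDR.pack(cmd, len(payload), dtype, count, p1, p2) + payload

FRAMES = [  # constructed sample traffic: channel names and IDs are made up
    (True, ca_msg(18, 1, 13, b"LI01:BTELE02:MA") + ca_msg(18, 2, 13, b"RING:TEMP")),
    (False, ca_msg(18, 1, 501, dtype=6, count=1) + ca_msg(18, 2, 502, dtype=6, count=1)),
    (True, ca_msg(15, 501, 7, dtype=6, count=1) + ca_msg(15, 502, 8, dtype=6, count=1)),
]
PATTERN = re.compile(r"LI.*:BTELE.*:MA")  # the filter expression shown above
MATCHED = [(c, n) for c, n in label_channels(FRAMES) if n and PATTERN.search(n)]
```

The read requests in the last frame contain no channel name at all; they are matched only because the earlier CREATE_CHAN exchange was seen, so a capture that starts mid-connection leaves such messages unlabelled.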

Notes:

Installing Plugin

These instructions assume that you have already installed and configured Wireshark on your computer. You must also have installed all of Wireshark's required dependencies (e.g., the packet capture library WinPcap on Windows).

Note: you need to restart Wireshark after you install the plugin.

Linux

Copy the file ca.so to the /usr/lib/wireshark/plugins or $HOME/.wireshark/plugins directory.

Windows

Copy the file ca.dll to the plugins subdirectory of your Wireshark installation.

Building CA Plugin

Linux

# Download and unpack the Wireshark sources.
wget http://www.wireshark.org/download/src/wireshark-0.99.8.tar.gz
tar -xzf wireshark-0.99.8.tar.gz
cd wireshark-0.99.8

# Extract CA plugin's files here (ensure .tar.gz is where expected)
tar -xzf ../wireshark-ca-1.0.1-src.tar.gz
# Apply patches required by CA plugin.
patch -p1 < ../wireshark-0.99.8-ca-1.0.1.patch

# Configure Wireshark build.
# NOTE: Configure might require additional packages to be installed
# on your system, e.g., libpcap-devel.
./autogen.sh
./configure

# Build CA plugin.
# You just need to have Wireshark installed and ./configured to build
# the CA plugin. Alternatively, you can rebuild all of Wireshark by
# running make from the parent folder.
cd plugins/ca
make

Windows

  1. Download and unpack Wireshark sources from the Wireshark web site.
  2. Download and unpack the CA plugin source code and patch. The plugin sources should be unpacked in the Wireshark sources directory.
  3. Apply the patch (Cygwin shell): patch -p1 < wireshark-0.99.8-ca.patch
  4. Build Wireshark on Windows as described on the Wireshark web site.
  5. If you are using Visual Studio 2005, and you are building a redistributable binary, change option /MD to /MT in file config.nmake (around line 400). Otherwise, a Visual Studio C library would be dynamically referenced.
  6. Make the plugin:
    cd plugins/ca
    nmake -f Makefile.nmake
    

Revision History

Date | Author | Description
March 2006 | Ron Rechenmacher, FNAL | Initial release.
March 17th, 2008 | Cosylab (sponsored by Kazuro Furukawa of KEKB and KEK-Linac) | Version 1.0.1: Proper association of channel name to server/client channel ID.
January 25th, 2008 | Cosylab (sponsored by Kazuro Furukawa of KEKB and KEK-Linac) | Version 1.0.0: Dissection of all CA protocol fields. Extraction of channel name.