Wireshark/tshark Plugin in C for RSocket.
NOTE: This is a work in progress.
Currently it supports all RSocket frames, except resumption.
- Download Wireshark source-code.
- Create rsocket directory inside wireshark/plugins/epan folder.
- Download/Clone source code from this repo into the rsocket folder.
- Inside wireshark folder, create CMakeListsCustom.txt and add the line.
set(CUSTOM_PLUGIN_SRC_DIR plugins/epan/rsocket)
- Follow the build instructions of Wireshark for your OS setup
- Copy the built rsocket.so to the Plugins folder of wireshark. This depends on OS - on macOS it is typically ~/.config/wireshark/plugins or ~/.wireshark/plugins.
- This code has been tested with latest stable release of Wireshark (2.2.5).
- To enable RSocket dissector in Wireshark, go to Analyze -> Decode As in Wireshark UI and add identifiers for your packet flow (say TCP port). Select RSocket as the decoding protocol.