How-To: Etherbone with Wireshark

Introduction

Wireshark can be useful when you need to inspect Etherbone packets sent via Ethernet, see here. Here are a few hints to get this working.

Etherbone Dissector

The EB dissector 'etherbone.lua' is available in the repository. Try the following to get a local installation:
  • install package 'wireshark' (Mint 19.1 / Ubuntu Bionic; this triggers the installation of a couple of additional packages)
  • install additional package 'liblua5.1-bitop0' (Mint 19.1 / Ubuntu Bionic)
  • edit '/etc/wireshark/init.lua' and add the dissector at the end of 'init.lua':
if not running_superuser or run_user_scripts_when_superuser then
    dofile(DATA_DIR.."console.lua")
    dofile("/home/yourUserName/folder/etherbone.lua")       -- just add this line
end
--dofile(DATA_DIR.."dtd_gen.lua")

Note: Depending on your Wireshark installation, you may need to apply a minor fix to 'etherbone.lua', which is described here.
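
One way to script the 'init.lua' step above, as an added example (not from the original page or the Etherbone repository). The function name add_dissector and the refusal of group- or world-writable dissector files are assumptions made here: the global 'init.lua' is read by every user's Wireshark, so the script it loads should be writable only by its owner.

```shell
#!/bin/sh
# Added example: add_dissector is a hypothetical helper, not part of Etherbone.
# Usage: add_dissector /etc/wireshark/init.lua /home/yourUserName/folder/etherbone.lua
# Returns 0 if the dofile() line is present afterwards, 1 if the edit was refused.
add_dissector() {
    init=$1
    lua=$2
    [ -f "$init" ] && [ -f "$lua" ] || { echo "missing file" >&2; return 1; }

    # The global init.lua runs for every non-root user who starts Wireshark,
    # so refuse a dissector that group or others could modify
    # (mode string: character 6 = group write, character 9 = other write).
    case $(ls -ld -- "$lua") in
        ?????w*|????????w*)
            echo "refusing: $lua is group- or world-writable" >&2
            return 1 ;;
    esac

    # Idempotent: nothing to do if the line is already there.
    if grep -qF "dofile(\"$lua\")" "$init"; then
        return 0
    fi

    # Insert directly after the console.lua line, which keeps the new
    # dofile() inside the running_superuser guard shown on this page.
    tmp=$(mktemp) || return 1
    if LINE="    dofile(\"$lua\")" awk '
            { print }
            !found && index($0, "dofile(DATA_DIR..\"console.lua\")") {
                print ENVIRON["LINE"]; found = 1
            }
            END { exit (found ? 0 : 1) }
        ' "$init" > "$tmp"
    then
        cat "$tmp" > "$init"    # overwrite in place: keeps owner and mode
        rm -f "$tmp"
        return 0
    fi
    rm -f "$tmp"
    echo "console.lua line not found in $init; edit by hand" >&2
    return 1
}
```

Run it with sudo for the real '/etc/wireshark/init.lua'; a second run leaves the file unchanged.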

Usage

View Data
Try
sudo tcpdump -p -K -n -i <network interface> -s 0 -w trace.pcap
to capture data from your network interface to file 'trace.pcap'.

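Then start 'wireshark' as a normal user and inspect the 'pcap' file. With the guard shown in 'init.lua', the dissector is not loaded when Wireshark runs as superuser unless 'run_user_scripts_when_superuser' is set.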

Inspecting Large Files
In case of large files, the 'etherbone.lua' script slows down data processing in Wireshark. Consider disabling the Etherbone protocol (Menu -> Analyze -> Enabled Protocols) when not inspecting the contents of Etherbone packets.

-- DietrichBeck - 11 Oct 2019
Topic revision: r3 - 11 Oct 2019, DietrichBeck