This is a Lua dissector written for the ZMTP protocol. It supports both the "new" protocol (ZMTP version 3.0 and later), as well as the older version 2.
It supports the NULL and PLAIN authentication mechanisms.
This dissector requires Lua 5.2 or newer.
mkdir -p ~/.config/wireshark/plugins
git clone https://github.com/whitequark/zmtp-wireshark ~/.config/wireshark/plugins/zmtp-wireshark
As ZeroMQ ports are inherently application-specific, you need to use "Decode As -> ZMTP" on your zeromq packets. Alternatively, subdissectors can register the ZMTP dissector on specific TCP ports to automate decoding.
You can use expression zmtp to filter packets. TCP segments are automatically reassembled.
If you get frame errors, especially when capturing on lo, the problem is that libpcap cannot
capture packets over 64 KiB (relevant bug);
do sudo ip link set lo mtu 65500.
This dissector supports calling subdissectors for an application-level protocol. As ZMTP does not have a generic way of specifying the inner protocol, the mapping is done using TCP ports.
A subdissector that wishes to observe ZMTP frames must register itself in the zmtp.protocol
dissector table, using the TCP port as a key. Both source and dest ports are checked, so
bidirectional links (request/response, for example) will need a dissector that can decode both
directions.
-- Register a subdissector "my_subdissector" to the ZMTP protocol table for TCP port 1234
local zmtp = DissectorTable.get("zmtp.protocol")
zmtp:add(1234, my_subdissector_proto)
-- Register the ZMTP dissector as the default for that TCP port (so no "decode as" is needed)
local zmtp_dissector = Dissector.get("zmtp")
local tcp_table = DissectorTable.get("tcp.port")
tcp_table:add(1234, zmtp_dissector)
See LICENSE.
This dissector is based on a dissector for ZMTP 2, written by Robert G. Jakabosky.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent