I have been working on a Wireshark dissector for elasticsearch. This allows
you to more intelligently debug elasticsearch problems at the network
level. I have been working in my own branch of Wireshark and will be
getting it merged in the official distribution as soon as I can get some
feedback from you guys!
It would be great if I could get some others to test this out before I get it
into the official Wireshark tree. It *should* support versions of ES >
V0.20.0RC1 (I have been testing against the latest as of writing and I
don't think the binary protocol has changed since then). You can get it at https://github.com/ryandoyle/wireshark.git on the branch es_dissector.
Build instructions are
at https://www.wireshark.org/docs/wsdg_html_chunked/ChSrcBuildFirstTime.html.
It's the usual ./configure && make && make install type deal.
There are some limitations currently, so the to-do list is the following:
Dissect the whole packet for request/response packets.
Decompress compressed packets.
Track request/response IDs so you can back-reference a response to a request and vice versa.
*Maybe* support older versions.
I'll update you once it's merged and/or I get feedback from you guys.
Cheers!
Just a heads up that this is now included in Wireshark master branch. You
can now get it by building Wireshark directly from their latest source code
and in a released version when the change makes its way through.
Cheers,
Ryan
On Saturday, October 11, 2014 11:57:44 AM UTC+11, Ryan Doyle wrote: