Hi again,

Just a heads up that this is now included in the Wireshark master branch. You can now get it by building Wireshark directly from their latest source code, and it will be in a released version when the change makes its way through.

Cheers,
Ryan

On Saturday, October 11, 2014 11:57:44 AM UTC+11, Ryan Doyle wrote:
>
> Hi Guys
>
> I have been working on a Wireshark dissector for elasticsearch. This allows you to more intelligently debug elasticsearch problems at the network level. I have been working in my own branch of Wireshark and will be getting it merged into the official distribution as soon as I can get some feedback from you guys!
>
> Here is a sneak peek so far:
>
> <https://lh6.googleusercontent.com/-IUSq-Wh-E-c/VDh9FVycl8I/AAAAAAAAAIg/Ad_qXH3qgKs/s1600/es_discovery.png>
>
> <https://lh6.googleusercontent.com/-T0DBxs0s4nw/VDh9NemE8uI/AAAAAAAAAIo/gtw3t2RT98Y/s1600/dissect_action.png>
>
> <https://lh3.googleusercontent.com/-q1kZ_WwvDT0/VDh9T9iTrwI/AAAAAAAAAIw/4_nujAWABkU/s1600/dissect_track_request_id.png>
>
> <https://lh6.googleusercontent.com/-jIlhal5E1QY/VDh9a7oGgSI/AAAAAAAAAI4/cG69wSp7d00/s1600/dissect_http_elasticsearch.png>
>
> It would be great if I could get some others to test this out before I get it into the official Wireshark tree. It *should* support versions of ES > V0.20.0RC1 (I have been testing against the latest as of writing and I don't think the binary protocol has changed since then). You can get it at *https://github.com/ryandoyle/wireshark.git* on the branch *es_dissector*. Build instructions are at https://www.wireshark.org/docs/wsdg_html_chunked/ChSrcBuildFirstTime.html. It's the usual ./configure && make && make install type deal.
>
> There are some limitations currently, so on the to-do list is the following:
>
> - Dissect the whole packet for request/response packets.
> - Decompress compressed packets
> - Track request/response IDs so you can back-reference a response to a request and vice versa
> - *Maybe* support older versions
>
> I'll update you once it's merged and/or I get feedback from you guys.
>
> Cheers!
>
> Ryan
