Wireshark mailing list archives

Re: hadoop dissector


From: mmann78 () netscape net
Date: Thu, 2 Jul 2015 13:04:10 -0400



I'd recommend attaching the capture file to a Bugzilla ticket (with all of the links mentioned here) and possibly your 
patch of the internal dissector.  Perhaps somebody can take it from there.
 
As a side note, I still don't know how I feel about dissectors being "pulled from the wild" from developers rather than 
pushed to Wireshark (via Gerrit) by the original author(s). Gerrit (and just Bugzilla before that) isn't THAT hard to 
navigate.  Are we missing something?  Are our code standards too strict?

-----Original Message-----
From: Dario Lombardo <dario.lombardo.ml () gmail com>
To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Sent: Thu, Jul 2, 2015 12:03 pm
Subject: [Wireshark-dev] hadoop dissector


 
  
Hi list

I opened a hadoop 2.6 capture file with the current master and I found that the hadoop dissector fails in opening the 
file (wrong dissection). This is probably related to the changes in the wire protocol that have not been reflected in 
the current dissector. So I decided to start understanding how the dissector should be updated... but I got stuck.

I can't find the specifications of the wire protocol. I just found this https://wiki.apache.org/hadoop/HadoopRpc.

I've found this project https://github.com/liukeyou/hadoop-wireshark that, from the screenshots, sounds promising, 
but is for WS 1.10, and is a plugin for windows (my dev env is linux). I succeeded in compiling it as an internal dissector, 
but nothing gets dissected. Maybe it looks for something somewhere that I didn't copy.

I tried to compile hadoop myself, to instrument it in order to have a better understanding of the flow and of the 
protocol, but the high level of abstraction of the hadoop java code left me lost.

These are my attempts so far... not very happy about them.

Did anyone try to do the same or something different? Anyone having links/resources/ideas to share? Anyone 
interested in working on it?

Cheers,

Dario

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
 

