This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

AMQP 1.0 dissector?

1

Hello, are there any plans to update the AMQP dissector to be able to decode the AMQP 1.0 version? That version was accepted as an OASIS standard a year ago and it is supposed to be the industry standard in its area.

If there are no plans, could you please estimate how many man-days/man-hours it might take to implement it? I might volunteer for it, knowing the protocol (up to some level) and knowing ANSI C.

asked 22 Nov '13, 06:01

Pavel Moravec
61127
accept rate: 0%


3 Answers:

2

FYI, I implemented an (almost) complete AMQP 1.0 dissector by myself: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9612 . Just very few TODOs remain there.

answered 02 Jan '14, 01:55

Pavel Moravec
61127
accept rate: 0%

edited 03 Dec '14, 23:11

The correct link to the issue for the new AMQP 1.0 dissector is https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9612 (without the trailing .)

(03 Dec '14, 16:09) ChrisB

1

Mostly there are no plans for anything; things happen when someone decides to do something and commits a patch. I haven't seen anyone mentioning AMQP, so probably no one is working on it. You'd have to take a look at the source file and make an estimate yourself - we don't know the extent of the changes made or the state of the current dissector. That said, it might not be a huge job.

answered 22 Nov '13, 06:30

Anders ♦
4.6k952
accept rate: 17%

0

According to the web page of RabbitMQ:

http://www.rabbitmq.com/specification.html

Cite: RabbitMQ implements AMQP 1.0 via an experimental plugin. However, AMQP 1.0 is a completely different protocol than AMQP 0-9-1 and hence not a suitable replacement for the latter.

I guess those guys know what they are talking about.

So if you want to volunteer, you should calculate quite some time (whatever that means), as writing an AMQP 1.0 dissector is not just a copy-paste task with a few string replacements ;-)

How many hours/days? I can't tell. It surely depends on your knowledge of the AMQP 1.0 protocol and your coding skills. Straight from the gut, I tend to say: 'several' days rather than a few hours.

Regards
Kurt

answered 22 Nov '13, 06:28

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 22 Nov '13, 06:31

Thanks for your responses. I know (how) the protocol differs from the 0.9-1 and/or 0.10 versions that Wireshark currently supports. Anyway, I decided to implement the dissector by myself - due to my workload I assume I will have it completed in a timeframe of a very few months.

(26 Nov '13, 01:19) Pavel Moravec

1

Then I'd advise you to develop it incrementally. Make a basic dissector that receives the PDU and parses the message type as a first step, then add IEs one by one as you get the time. In that way you get quick feedback, and others interested in the dissector might add their input. In that way you get something semi-useful very quickly.

(26 Nov '13, 01:49) Anders ♦

Good luck. Please submit the code to the Wireshark community.

(26 Nov '13, 03:48) Kurt Knochner ♦