Is there an openwire dissector

asked 2020-08-20 10:34:24 +0000

I am using Wireshark Version 3.2.6 (v3.2.6-0-g4f9257fb8ccc) on Windows 10.

It seems there is no dissector for OpenWire protocol. It says: "openwire tight encoding not supported by wireshark"

Is there a dissector for OpenWire and how can I add it to Wireshark plugin?

answered 2020-08-20 10:50:19 +0000

A dissector for OpenWire was added to Wireshark in 2012, the Bugzilla entry is here and was released with Wireshark 1.8.

There is a comment in the dissector source about what the dissector can handle that may be relevant:

OpenWire has two wire formats :
- "loose" : more verbose, less CPU-intensive, less network-intensive (1-pass)
- "tight" : more compact, more CPU-intensive, more network-intensive (2-pass)
This dissector only supports the "loose" syntax, which is not the default.
This dissector only supports version 6 of the protocol.
It can be changed on the broker in the activemq.xml file by specifying "tightEncodingEnabled=false" :

    <transportConnector name="tcp-connector" uri="tcp://;wireFormat.cacheEnabled=false"/>

Note : The WIREFORMAT_INFO command is always sent in "loose" format.
Thanks for answer, but is there a dissector for handling "tight" format?

No there isn't within the Wireshark project.

Asked: 2020-08-20 10:34:24 +0000

