Wireshark Capture

Owned by R D
Last updated: 2024-02-02
2 min read

Overview

Wireshark is a program that captures and logs network packet information, which can be used to analyze and debug network communication.

Wireshark: Wireshark · Go Deep

Setup

Download and install Wireshark: Wireshark · Go Deep

Install MAVLink:

  1. Install Git and Python 3.8 if you haven’t already

  2. Clone the MAVLink repository, if you haven’t aleady: git clone https://github.com/mavlink/mavlink.git --recursive

    1. Otherwise, checkout and pull the master branch:

      1. git checkout master git pull

  3. Create and activate the virtual environment: Autonomy Workflow Software

  4. Install the required Python packages: pip install -r pymavlink/requirements.txt

Generate the MAVLink Lua plugin for Wireshark: Generate MAVLink Libraries · MAVLink Developer Guide

  1. XML: Select all.xml in [path to repository]/message_definitions/v1.0/

  2. Out: Select the repository root and add /mavlink2_plugin at the end

  3. Language: WLua (not Lua)

  4. Protocol: 2.0

  5. Leave everything else as default

  6. Click Generate

  7. A file called mavlink2_plugin.lua is now in the repository root

  8. Open the file and add the following to the end:

    1. local tcp_dissector_table = DissectorTable.get("tcp.port") tcp_dissector_table:add(14550, mavlink_proto) tcp_dissector_table:add(14580, mavlink_proto) tcp_dissector_table:add(18570, mavlink_proto)

  9. Move or copy the files to Wireshark’s plugins directory under the Wireshark installation directory

Wireshark is now ready to decode MAVLink messages!

Instructions based on this: Debugging with Wireshark · MAVLink Developer Guide

Usage

Open Wireshark.

Double click on Adapter for loopback traffic , unless you are specifically using another network interface.

Filter the packets by entering text and then pressing enter. Example:

  • mavlink_proto

  • mavlink_proto.msgid == 30

  • tcp

  • tcp.port == 14550

  • udp.port == 14550 && mavlink_proto.msgid == 20

The MAVLink messages are displayed (may take some time if Wireshark has been open for a while).

  • If there is nothing displayed, either the configuration is incorrect or the application that uses MAVLink has not been started.

    • Windows: netstat -ab can be used to see which ports on your computer are currently being used

      • Ctrl-c when all of 0.0.0.0 has been displayed, or whenever you are satisfied

When closing Wireshark, you can either save or discard the captured packets. Usually discarding is fine, unless you specifically want to search through the session later. The save file will be very large (tens to hundreds of MB).