This wireshark dissector is compatible with NEO v3.0.3. It supports all base payloads with just a few limitations (see below). Feel free to extend and PR!
Place neo3.lua
in the Wireshark plugin folder. See their wiki for the location on your platform.
Requires Wireshark 3.0 or higher.
The default port it will try to decode as NEO3 traffic is TCP port 10333
. If you're running your node on another port,
i.e. 20333
is common for NEO's TestNetwork, then rigth click the stream, select Decode As..
and choose Neo3
.
-
Cannot dissect compressed payloads.
Wireshark has not exposed its LZ4 library to their LUA environment and it is not possible load 3rd party libs. It has been an outstanding request for a long time. Our best bet is ask NEO to allow for compression negotiation such that it can be disabled, or to implement the dissector in C where it is possible to access the included LZ4 library.
If you're in control of the nodes you could build them from source and disable compression:
-
The
AddrPayload
andExtensiblePayload
are not supported.Note: no
ExtensiblePayload
support implies no support for consensus payloads.