This page is the home of an effort to develop a complete dissector plugin for the Locator/ID Separation Protocol (LISP) within the Wireshark network analyzer. Work started against the 1.2.x branch of Wireshark, followed by the 1.4.x branch, with version 20110422 of the patch being accepted for inclusion into the 1.6.x branch. A second upstream submission was version 20120819, which is now part of the 1.9.x development branch, and will be released in the 1.10.x stable series.
Update (2013/06/27): LISP packet dissector is a project currently maintained by Lorand Jakab. On May 2013, Radu Terciu contributed to Lorand's code extending LCAF support with the types defined up to date. At the time of this writing, LCAF defines 13 different types. All of them are currently supported on the Wireshark LISP dissector thanks to Radu's contribution.
Development of the dissector is still active after upstream inclusion, with new features and bugfixes showing up on this page first. If you are not interested in features that were added after version 20110422, just grab the latest stable source or binary package directly from the official Wireshark download page (or if your OS has package management, use the included package, as long as it's version 1.6.0 or higher). If you want the features and fixes added between versions 20110422 and 20120819, you still have the option of not compiling from source on Windows and on the Mac, by using the official automated builds. And if you want the latest and greatest, follow the steps below, and keep checking back to this page. See contact info at the bottom of the page if you want to receive updates.
Packet dissection is based on draft-ietf-lisp-23, draft-farinacci-lisp-lcaf-10, and draft-ermagan-lisp-nat-traversal-01.
The dissector used to be released as a patch against mainline. Version 20120819 was the last in patch form, from now on there will be no more point releases. Rather, you will be able to download the latest version of the
packet-lisp.c file, which implements the LISP control packet dissector. Since the upstream inclusion no Makefiles need to be modified, all you need to do is overwrite this file, making patching unnecessary.
epan/dissectors/packet-lisp.cwith the file downloaded in step 2.
./configure --helpfor an extensive list of options. Refer to the Wireshark documentation for more help on how to build from source.
The above steps should translate roughly to the following commands:
wget http://www.wireshark.org/download/src/wireshark-1.8.x.tar.bz2 wget http://raw.github.com/ljakab/lisp-dissector/master/packet-lisp.c tar xvf wireshark-1.8.x.tar.bz2 cp packet-lisp.c wireshark-1.8.x/epan/dissectors cd wireshark-1.8.x ./configure --help ./configure nice make -j4 sudo make install
You should be aware that capturing on the same machine that generates the packets you are interested in may cause issues with checksums, due to hardware offloading to the NIC. For example, if you use a Linux host to generate Map-Request messages, and capture those packets with Wireshark on the same host, UDP checksums may be shown as incorrect (except if you used raw UDP sockets to generate them). You may solve this by disabling checksum offloading on your NIC, if this operation is supported. Using
ethtool, you can check for offload status:
ethtool --show-offload eth0
If transmit checksum is on, you can disable it by running:
ethtool --offload eth0 tx off
For more information, see the Wireshark wiki on this topic.
Important updates are announced on the author's Twitter and Identi.ca feeds. You can also find him hanging out in #lisp-networking and #lispmob on FreeNode (look for Lori).