Wireshark plugin for Hadoop 2.x (HDFS/YARN/HBase)
hadoop-wireshark is an open source Hadoop 2.x protocol analyzer plugin for Wireshark. Hadoop RPC packets are dissected according to HadoopRpc. Some of the protobuf handling code is copied from protobuf-wireshark.
- Hadoop (Cloudera 5.x) 2.2 / 2.3 / 2.4 / 2.4.1 packet dissection, including HDFS/YARN/MapReduce
- HBase (Cloudera 5.x) 0.96.x / 0.98.x packet dissection
- Authentication (supported for Hadoop; planned for HBase)
- HDFS data packets (supported)
- Spark (planned)
- Before building, you must install VS2010 and protobuf
- Download the source code of the current stable version, Wireshark 1.10.8
- Build Wireshark
- Enter the Wireshark plugins dir and create a "hadoop" dir (wireshark-1.10.8\plugins\hadoop)
- Copy the hadoop-wireshark files to the hadoop dir
- Modify the PROTOBUF_DIR and PROTOBUF_LIB variables in the Makefile.nmake file to point to your own dirs
- Open the VS2010 command prompt and enter the hadoop dir
- Use nmake to build (nmake -f Makefile.nmake)
- Copy the hadoop and hbase proto files to the Wireshark plugin dir (on my computer this is "E:\dev\opensource\wireshark\wireshark-1.10.8\wireshark-gtk2\plugins\1.10.8\hadoop-wireshark")
- Copy hadoop.dll to the Wireshark plugin install dir (wireshark-1.10.8\wireshark-gtk2\plugins\1.10.8)
- Run Wireshark and open a packet capture file
- Select one Hadoop packet and right-click it
- Select "Decode as" and open the Transport tab
- Select HADOOP
- Select HBASE
- Select HDFSDATA2
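
When it is not obvious which of the three "Decode as" entries fits a stream, the first bytes sent by the client usually tell, and they also show whether the connection negotiates SASL. The sketch below is an added example, not code from hadoop-wireshark; the preamble constants are taken from the Hadoop 2.x and HBase 0.96+ wire formats as an assumption about the captured traffic, and the function name and sample bytes are constructed for illustration.

```python
import struct

# Connection preambles (assumed from the Hadoop 2.x / HBase wire formats,
# not read from this plugin's source).
HADOOP_MAGIC = b"hrpc"                      # then: version, service class, auth
HADOOP_AUTH = {0x00: "NONE", 0xDF: "SASL"}  # 0xDF is -33 as a signed byte
HBASE_MAGIC = b"HBas"                       # then: version, auth method
HBASE_AUTH = {80: "SIMPLE", 81: "KERBEROS", 82: "DIGEST"}
HDFS_DATA_VERSION = 28                      # 2-byte big-endian, then op code
HDFS_OPS = {80: "WRITE_BLOCK", 81: "READ_BLOCK", 82: "READ_METADATA",
            83: "REPLACE_BLOCK", 84: "COPY_BLOCK", 85: "BLOCK_CHECKSUM",
            86: "TRANSFER_BLOCK"}


def suggest_decoder(first_bytes):
    """Map the first client bytes of a TCP stream to a "Decode as" entry.

    Returns (entry, detail); entry is None when no preamble is recognised,
    for example when the capture starts in the middle of a connection.
    """
    b = bytes(first_bytes)
    if b[:4] == HADOOP_MAGIC and len(b) >= 7:
        auth = HADOOP_AUTH.get(b[6], "unknown")
        return "HADOOP", "version=%d auth=%s" % (b[4], auth)
    if b[:4] == HBASE_MAGIC and len(b) >= 6:
        auth = HBASE_AUTH.get(b[5], "unknown")
        return "HBASE", "version=%d auth=%s" % (b[4], auth)
    if len(b) >= 3:
        (version,) = struct.unpack(">H", b[:2])
        if version == HDFS_DATA_VERSION and b[2] in HDFS_OPS:
            return "HDFSDATA2", "op=%s" % HDFS_OPS[b[2]]
    return None, "no known preamble"


if __name__ == "__main__":
    # Constructed sample stream prefixes, not taken from a real capture.
    samples = [b"hrpc\x09\x00\x00", b"hrpc\x09\x00\xdf",
               b"HBas\x00\x50", b"\x00\x1c\x51\x0a", b"GET / HTTP/1.1"]
    for s in samples:
        print(s[:8], "->", suggest_decoder(s))
```

An auth value of NONE or SIMPLE in the preamble means the connection carries no SASL negotiation, which is worth noting when reviewing a capture from a cluster that is expected to run Kerberos.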
You can download the setup file: hadoop-wireshark (1.10.8) setup file
- version 0.8.0: support hdfsdata2 & fix bug
- version 0.7.0: support hadoop authentication & fix bug
- version 0.6.0: support x86 platform
- version 0.0.6: support wireshark-1.10.8(x64) with windows vs2010
# Known Issues
- HDFS DataTransferEncryptorMessageProto is not supported
- TaskUmbilicalProtocol is not supported (it uses WritableRpcEngine, not ProtobufRpcEngine)
hadoop-wireshark is published under the Apache License, Version 2.0.