@doubleirish
Created August 4, 2016 16:41
Using Wireshark to sniff kafka message packets on ubuntu

# Using Wireshark to sniff Kafka messages

Install the latest Wireshark application:

    sudo add-apt-repository ppa:wireshark-dev/stable
    sudo apt-get update
    sudo apt-get install wireshark

Run Wireshark with sudo (without superuser privileges you may not see the eth0 device):

    sudo wireshark

Enable the Kafka protocol in Wireshark.

In the Wireshark application, navigate through the menu options: Edit -> Preferences -> Protocols. Select the "Kafka" protocol and change the broker port to 9092.

On the main screen, add the following to the capture filter text box (replace the placeholder with the IP of the machine running Kafka):

       port 9092 && greater 145 && host  <ip_of_host_running_kafka>

Double-click on the eth0 interface.

If you're running the Kafka cluster in Docker, you can alternatively double-click on the docker0 interface.

You'll now see traffic from Kafka clients.
The `greater 145` part of the capture filter keeps only packets that are at least 145 bytes long, which stops small, low-level internal Kafka packets from appearing.

This is useful if you only want to see publisher and subscriber messages.
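
To illustrate what the length filter does, here is an added example (not part of the original gist) that decodes the Kafka request header from a TCP payload and checks whether the frame would pass `greater 145`. It assumes request header v1, a 66-byte Ethernet/IPv4/TCP overhead per frame, and payloads that start at a message boundary; the two sample requests are constructed with filler bodies.

```python
import struct

# Subset of API keys from the Kafka protocol guide.
API_NAMES = {0: "Produce", 1: "Fetch", 3: "Metadata", 12: "Heartbeat", 18: "ApiVersions"}
# Assumption: Ethernet (14) + IPv4 (20) + TCP with timestamp option (32) per frame.
FRAME_OVERHEAD = 66
MIN_FRAME_LEN = 145  # "greater 145" matches frames whose length is >= 145


def parse_request_header(payload: bytes) -> dict:
    """Decode a Kafka request header (v1) at the start of a TCP payload."""
    if len(payload) < 14:
        raise ValueError("too short for a Kafka request header")
    size, api_key, api_version, corr_id, id_len = struct.unpack_from(">ihhih", payload)
    if size < 10 or api_key < 0:
        raise ValueError("not the start of a Kafka request")
    client_id = None  # client_id is a nullable string: length -1 means null
    if id_len >= 0:
        raw = payload[14:14 + id_len]
        if len(raw) != id_len:
            raise ValueError("truncated client_id")
        client_id = raw.decode("utf-8", errors="replace")
    return {"size": size, "api": API_NAMES.get(api_key, f"key {api_key}"),
            "api_version": api_version, "correlation_id": corr_id,
            "client_id": client_id}


def passes_capture_filter(payload: bytes) -> bool:
    """Would a frame carrying this payload survive 'greater 145'?"""
    return FRAME_OVERHEAD + len(payload) >= MIN_FRAME_LEN


def build_request(api_key, api_version, corr_id, client_id, body):
    """Construct a sample request; the body is opaque filler, not a real encoding."""
    cid = client_id.encode()
    rest = struct.pack(">hhih", api_key, api_version, corr_id, len(cid)) + cid + body
    return struct.pack(">i", len(rest)) + rest


# Constructed samples: a small heartbeat and a larger produce request.
HEARTBEAT = build_request(12, 0, 7, "consumer-1", b"\x00" * 20)
PRODUCE = build_request(0, 2, 8, "producer-1", b"\x00" * 100)

if __name__ == "__main__":
    for pkt in (HEARTBEAT, PRODUCE):
        print(parse_request_header(pkt), "kept:", passes_capture_filter(pkt))
```

The 44-byte heartbeat payload gives a 110-byte frame and is dropped, while the 124-byte produce payload gives a 190-byte frame and is captured.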
