@gAmUssA
Forked from doubleirish/kafka_wireshark.md
Created June 6, 2018 20:21
Using Wireshark to sniff kafka message packets on ubuntu

# Using Wireshark to sniff Kafka messages

Install the latest Wireshark application:

    sudo add-apt-repository ppa:wireshark-dev/stable
    sudo apt-get update
    sudo apt-get install wireshark

Run Wireshark with the following command (without superuser privileges you may not see the eth0 device):

    sudo wireshark

Enable the Kafka protocol in Wireshark

In the Wireshark application, navigate through the menu options Edit -> Preferences -> Protocols, select the "Kafka" protocol, and change the broker port to 9092.

On the main screen, add the following to the Capture filter text box (replace the IP with that of your machine running Kafka):

       port 9092 && greater 145 && host  <ip_of_host_running_kafka>

Double click on the eth0 interface.

If you’re running a Kafka cluster via Docker, you can alternatively double-click on the docker() interface.

You’ll now see traffic from Kafka clients.
The “greater” capture filter eliminates low-level internal Kafka message packets from appearing.

This is useful if you only want to see publisher and subscriber messages.
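To see what the "greater 145" primitive selects and which fields the Kafka dissector reads first, the sketch below (an added example, not part of the original gist) applies the same length test to constructed payloads and decodes the Kafka request header. The per-frame header size, the client IDs, and the filler bodies are assumptions made for illustration.

```python
import struct

# Subset of Kafka API keys from the public protocol specification.
API_NAMES = {0: "Produce", 1: "Fetch", 3: "Metadata", 12: "Heartbeat", 18: "ApiVersions"}
# Assumption: Ethernet (14) + IPv4 (20) + TCP with timestamp option (32) bytes per frame.
HEADERS_LEN = 14 + 20 + 32


def passes_greater(tcp_payload, min_len=145):
    """Mimic the capture filter primitive 'greater N': frame length >= N."""
    return HEADERS_LEN + len(tcp_payload) >= min_len


def parse_request_header(payload):
    """Decode size, api_key, api_version, correlation_id and client_id."""
    if len(payload) < 14:
        raise ValueError("too short for a Kafka request header")
    size, api_key, api_version, corr_id, cid_len = struct.unpack_from(">ihhih", payload)
    if size != len(payload) - 4:
        raise ValueError("size field does not match payload length")
    if cid_len > len(payload) - 14:
        raise ValueError("client_id runs past the end of the payload")
    # A length of -1 encodes a null client_id.
    client_id = None if cid_len < 0 else payload[14:14 + cid_len].decode("utf-8")
    return {"api": API_NAMES.get(api_key, f"key {api_key}"), "version": api_version,
            "correlation_id": corr_id, "client_id": client_id}


def build_request(api_key, api_version, corr_id, client_id, body):
    """Build a constructed request; body is opaque filler, not a real record batch."""
    cid = client_id.encode("utf-8")
    rest = struct.pack(">hhih", api_key, api_version, corr_id, len(cid)) + cid + body
    return struct.pack(">i", len(rest)) + rest


# Constructed sample payloads (one whole request per TCP segment is assumed).
HEARTBEAT = build_request(12, 3, 7, "demo-consumer", b"\x00" * 30)
PRODUCE = build_request(0, 7, 8, "demo-producer", b"\x00" * 120)
SHORT_PRODUCE = build_request(0, 7, 9, "demo-producer", b"\x00" * 40)


def visible_requests(payloads):
    """Return (api, client_id) for each payload the length filter lets through."""
    out = []
    for p in payloads:
        if passes_greater(p):
            h = parse_request_header(p)
            out.append((h["api"], h["client_id"]))
    return out


if __name__ == "__main__":
    print(visible_requests([HEARTBEAT, PRODUCE, SHORT_PRODUCE]))
```

The filter selects on frame size, not on message type, so a Produce request with a very small payload is dropped along with the heartbeats.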
