NATS dissector for Wireshark

[Maksim Dmitrichenko]

Hi!

I would like to present my contribution to both Wireshark and NATS communities and release the NATS dissector for Wireshark. For now it is in my personal branch and the MR to master is opened [1].

The motivation to write it was to make easier investigation of the client-to-wire, in-server and request-reply delays. The dissector is able to match requests with replies by the subject, provide means to instant jump between request and reply frames in UI, calculate delays for analytics.

It has a support for the upper level dissectors to dissect NATS payload - you can write a plugin for your in-house protocols using C or maybe even Lua. It exports subjects and headers to the upper level dissector. There is a room to support several upper level dissectors with different subjects (like subscriptions) but for now only ">" subject for upper level is supported, i.e. it will get all the NATS messages with any payload (HPUB/PUB/HMSG and MSG). 

[1] https://gitlab.com/wireshark/wireshark/-/merge_requests/22225

--

WBR,
  Max

[Maksim Dmitrichenko]

On Saturday, November 8, 2025 at 11:11:51 PM UTC+4 Maksim Dmitrichenko wrote:

Hi!

I would like to present my contribution to both Wireshark and NATS communities and release the NATS dissector for Wireshark. For now it is in my personal branch and the MR to master is opened [1].

The dissector was merged into master. I hope it will finds its way in the next release. 

--
WBR, 
  Max

[Alex Bozhenko]

Hi, WBR.

I am not familiar with Wireshark Dissectors. Do you have an example how to use it?
Also, which version of Wireshark should have it?

__
Alex

[Alex Bozhenko]

Hi, WBR.

This looks very interesting, but I am not familiar how to use Wireshark dissectors. Could you please share how to use it?
Also, which version of Wireshark it is(will be) included in?

Thanks,
Alex

On Monday, November 17, 2025 at 9:54:57 AM UTC-8 dmit...@gmail.com wrote:

[Maksim Dmitrichenko]

> I am not familiar with Wireshark Dissectors. Do you have an example how to use it?

You have to dump your traffic between the client and server using the
dumpcap or tcpdump utility. Then open the dump in Wireshark. Use LLM
helper for a brief howto. If your server's port is 4222 it finds NATS
packets automatically, otherwise you should select in the settings of
NATS protocol the needed port number.

> Also, which version of Wireshark should have it?

Currently, my work is only in master and I hope it will be released in
v4.7.0. So for now if you're using Windows or MacOS, you have to
download nightly build which you can find here:
https://www.wireshark.org/download/automated/

If you are using Linux then I guess you have to build it yourself.

>
> __
> Alex
> On Monday, November 17, 2025 at 9:54:57 AM UTC-8 dmit...@gmail.com wrote:
>>
>> On Saturday, November 8, 2025 at 11:11:51 PM UTC+4 Maksim Dmitrichenko wrote:
>>
>> Hi!
>>
>> I would like to present my contribution to both Wireshark and NATS communities and release the NATS dissector for Wireshark. For now it is in my personal branch and the MR to master is opened [1].
>>
>>
>> The dissector was merged into master. I hope it will finds its way in the next release.
>>
>> --
>> WBR,
>> Max
>

> --
> You received this message because you are subscribed to a topic in the Google Groups "nats" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/topic/natsio/rERqwVA54wk/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to natsio+un...@googlegroups.com.
> To view this discussion visit https://groups.google.com/d/msgid/natsio/07783ba3-2a73-4bbe-9b05-b0ef74091230n%40googlegroups.com.



--
With best regards
Maksim Dmitrichenko