Wireshark 2.0 contains enhanced support for AMQP traffic inspection and analysis. It can dissect (parse, visualise, filter) AMQP 0-9-1 and AMQP 1.0 traffic, including AMQP 0-9-1 Errata and RabbitMQ Extensions.
Wireshark is based on the same foundation as tcpdump, libpcap, and can be used to inspect pcap traffic capture files taken in a server environment.
Together, tcpdump and Wireshark provide a lot of information explaining what clients (applications) and RabbitMQ nodes do. This information can and should be used to derive insights into system behavior that is difficult to observe otherwise. These tools complement monitoring systems and allow operators and developers to troubleshoot a distributed system more efficiently.
Packet List provides a summary of protocol frames and methods exchanged by a client and a RabbitMQ node. The Info column indicates the Class and Method (e.g. Basic.Publish) and then the most significant arguments. For example:
Packet Details then indicate all arguments of the frame. It also includes dynamically calculated values enclosed in square brackets. This is explained in the next section.
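To show what the dissector reads to produce a Packet List summary, here is a minimal AMQP 0-9-1 frame parser. It is an added example, not code from Wireshark or RabbitMQ. The names parse_frame, parse_stream and SAMPLE are illustrative, the METHODS table is a small subset of the protocol, and the sample bytes are constructed.

```python
import struct

FRAME_TYPES = {1: "METHOD", 2: "HEADER", 3: "BODY", 8: "HEARTBEAT"}
# Subset of AMQP 0-9-1 (class-id, method-id) pairs, enough for this sample.
METHODS = {(10, 10): "Connection.Start", (20, 10): "Channel.Open",
           (50, 10): "Queue.Declare", (60, 40): "Basic.Publish"}

def _shortstr(buf, off):
    """Read a length-prefixed short string; return (text, next offset)."""
    if off >= len(buf) or off + 1 + buf[off] > len(buf):
        raise ValueError("short string runs past end of payload")
    end = off + 1 + buf[off]
    return buf[off + 1:end].decode("utf-8"), end

def parse_frame(data, pos=0):
    """Parse one frame at data[pos:]; return (summary dict, next position)."""
    if len(data) - pos < 8:
        raise ValueError("truncated frame")
    # Frame header: type (1 octet), channel (2 octets), payload size (4 octets)
    ftype, channel, size = struct.unpack_from(">BHI", data, pos)
    end = pos + 7 + size
    if end >= len(data) or data[end] != 0xCE:
        raise ValueError("frame-end octet 0xCE missing or frame truncated")
    payload = data[pos + 7:end]
    info = {"type": FRAME_TYPES.get(ftype, "UNKNOWN"), "channel": channel}
    if ftype == 1 and len(payload) >= 4:
        # Method frames start with class-id and method-id (2 octets each)
        ids = struct.unpack_from(">HH", payload, 0)
        info["method"] = METHODS.get(ids, "%d.%d" % ids)
        if ids == (60, 40):
            # Basic.Publish: reserved-1 (short), then exchange, routing-key
            exchange, off = _shortstr(payload, 6)
            routing_key, off = _shortstr(payload, off)
            info.update(exchange=exchange, routing_key=routing_key)
    return info, end + 1

def parse_stream(data):
    """Parse back-to-back frames, as found in a reassembled TCP stream."""
    frames, pos = [], 0
    while pos < len(data):
        info, pos = parse_frame(data, pos)
        frames.append(info)
    return frames

# Constructed sample: Basic.Publish on channel 1 (default exchange, routing
# key "orders"), followed by a heartbeat frame on channel 0.
_args = struct.pack(">HHH", 60, 40, 0) + b"\x00" + b"\x06orders" + b"\x00"
SAMPLE = (struct.pack(">BHI", 1, 1, len(_args)) + _args + b"\xce"
          + struct.pack(">BHI", 8, 0, 0) + b"\xce")

if __name__ == "__main__":
    print(parse_stream(SAMPLE))
```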
Wireshark analyzes the AMQP 0-9-1 packet flow and displays additional information enclosed in square brackets:
Wireshark automatically highlights AMQP 0-9-1 packets with:
You may display a summary of significant frames in a dedicated dialog. Go to Analyze > Expert Information and optionally apply the display filter:
Wireshark enables you to inspect AMQPS traffic; however, you can decrypt only traffic that has been encrypted using RSA keys, excluding the RSA ephemeral and Diffie-Hellman Ephemeral (DHE/EDH) cipher suites. You should set the cipher suites used by RabbitMQ and restrict the list to RSA only.
In classic configuration format this would look something like this:
[
  {rabbit, [
    {ssl_options, [
      {ciphers, [{rsa,aes_256_cbc,sha256},
                 {rsa,aes_128_cbc,sha256},
                 {rsa,aes_256_cbc,sha},
                 {rsa,'3des_ede_cbc',sha},
                 {rsa,aes_128_cbc,sha},
                 {rsa,des_cbc,sha}]}
    ]}
  ]}
].
Also, you must supply Wireshark with the private key used to encrypt the data. If mutual authentication is used, you need to supply both private keys. Go to the Edit > Preferences dialog, select Protocols > SSL, and then click Edit the RSA keys list.