Experimental Physics and
Industrial Control System

Michael Davidsaver via Tech-talk <tech-talk at aps.anl.gov> · Thu, 18 Feb 2021 20:15:03 -0800

On 2/18/21 7:42 PM, Li, Ji via Tech-talk wrote:
> Yes, I used PV name (ca.pv) or the IP address of the workstation from which messages were generated (ip.addr) as the filter.

Try plain "ca" as a filter.  CA is a highly stateful protocol, which complicates analysis.
It only includes the text PV name in the search and create channel messages.  Beginning
with the create channel reply numeric IDs are negotiated ('ca.sid', 'ca.cid'), and then
another 'ca.ioid' for individual get/put operations.

eg. following on Get operation all the way through might look like:

> (ca.pv=="test:ao") || (ca.cid == 1) || (ca.sid == 0) || (ca.ioid == 3)

The cashark repository contains a few pre-recorded capture files with known traffic.
eg. test/ca_all_dbr.pcapng records my running "caget" in a loop for all valid DBR
type codes.

> Just tried to capture in the same way on the workstation with Wireshark 2.6.20. Got the same result.

This is the version I have atm. (from Debian 10), so I'm confident it should works.

One possible complication is using a non-standard port.  The nature of CA messages
prevents automatic classification.  If your CA traffic is on a non-standard port,
you will have to manually tell wireshark about this.  Either interactively by finding
at least one frame in the stream and following the context menu "Decode As...",
or editing ca.lua to change the defaults.

> $ grep 5064 ca.lua 
> utbl:add(5064, ca)
> ttbl:add(5064, ca)

> I noticed that in the received messages for both caget and caput, there were only commands "Version" 0x00, "Search" 0x06, "User" 0x14, "Host" 0x15 and "Create channel" 0x12, while I was expecting to see "Read" 0x03 and "Write" 0x04 separately.

Read and Write messages include 'ca.sid' and 'ca.ioid'.

> Best,
> 
> -Ji Li
> 
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> *发件人:* Mark Rivers <rivers at cars.uchicago.edu>
> *发送时间:* 2021年2月18日 22:17
> *收件人:* Li, Ji <liji at bnl.gov>
> *抄送:* tech-talk at aps.anl.gov <tech-talk at aps.anl.gov>
> *主题:* Re: How to capture messages generated by PyEpics?
>  
> I don’t think the Wireshark version will matter. Have you put a filter on what Wireshark captures, or on what is selected to display?
> 
> Mark
> 
> 
> Sent from my iPhone
> 
> On Feb 18, 2021, at 8:26 PM, Li, Ji <liji at bnl.gov> wrote:
> 
> 
> Thanks Mark. I expect Wireshark to be install & play. The one I used is an old installation on an old server. Will find another one and try it out.
> 
> Best,
> 
> -Ji Li
> 
> ________________________________
> 发件人: Mark Rivers <rivers at cars.uchicago.edu>
> 发送时间: 2021年2月18日 20:11
> 收件人: Li, Ji <liji at bnl.gov>
> 抄送: tech-talk at aps.anl.gov <tech-talk at aps.anl.gov>
> 主题: RE: How to capture messages generated by PyEpics?
> 
> 
> Ø   When I get/set from PyEpics (tried both PV module and CA module), the program was able to successfully get the up-to-date value of the PV and set new value to it,
> 
> Ø  > but no messages showed up. Doesn't PyEpics communicate using CA protocol messages? Are there specific filter/configuration to be done in Wireshark to show these messages?
> 
> 
> 
> There is no difference in the CA network messages using caget and PyEpics.    They both use the same libca.so library from EPICS base.
> 
> 
> 
> You must have something configured wrong in Wireshark or something.
> 
> 
> 
> Mark
> 
> 
> 
> 
> 
> From: Tech-talk <tech-talk-bounces at aps.anl.gov> On Behalf Of Li, Ji via Tech-talk
> Sent: Thursday, February 18, 2021 4:52 PM
> To: tech-talk at aps.anl.gov
> Subject: How to capture messages generated by PyEpics?
> 
> 
> 
> Hi,
> 
> 
> 
> I'm trying to capture CA messages targeting a specific PV on the IOC server with Wireshark (v1.12.1) and Michael Davidsaver's cashark plugin (ca.pv or ip.addr as the filter). Wireshark was able to capture messages generated by caget/caput commands ran from bash. When I get/set from PyEpics (tried both PV module and CA module), the program was able to successfully get the up-to-date value of the PV and set new value to it, but no messages showed up. Doesn't PyEpics communicate using CA protocol messages? Are there specific filter/configuration to be done in Wireshark to show these messages? Thanks.
> 
> 
> 
> 
> 
> -Ji Li
> 
> 

Experimental Physics and Industrial Control System

Experimental Physics and
Industrial Control System