Is there a wireshark dissector for NATS protocol (https://nats.io/)

Question

So far Wireshark only shows raw bytes in captured TCP payloads. I would like to see some structured NATS messages instead: CONNECT, SUBSCRIBE, PUBLISH, etc. Is there a Wireshark plugin for that? Or maybe another sniffer I could use?

score 1 · Answer 1 · answered May 18 '20 at 00:06

NATS uses ASCII text. You can just right click a message on the top panel, select Follow->>TCP Stream. It will show a pop up window similar as this:

INFO {"server_id":"NBJQ7WOATUJACQOLGFHQWXIZHYSSTR5ACGUPKRUUURQVJJ5YZ7GG4KO7","server_name":"NBJQ7WOATUJACQOLGFHQWXIZHYSSTR5ACGUPKRUUURQVJJ5YZ7GG4KO7","version":"2.1.6","proto":1,"git_commit":"8c8d6f8","go":"go1.13.9","host":"0.0.0.0","port":4222,"max_payload":1048576,"client_id":3,"client_ip":"10.2.125.91"} 
CONNECT {"verbose":false,"pedantic":false,"tls_required":false,"name":"","lang":"C","version":"2.1.0","protocol":1,"echo":true}
PING
PONG
SUB _INBOX.DJA876I7XYOOISPLX6J5E1.*  1
PUB help _INBOX.DJA876I7XYOOISPLX6J5E1.0 9
help here

The only downside is that it only shows one TCP connection at a time. You can list all the TCP connections through: Menu: Statistics->>Conversations and select TCP tab.

Is there a wireshark dissector for NATS protocol (https://nats.io/)

1 Answers1