This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can Wireshark monitor MQ or Listener traffic?

0

Can I use wireshark to validate proper functionality of MQ and/or listener traffic?

asked 16 Feb '11, 08:34

soccernut's gravatar image

soccernut
1111
accept rate: 0%


2 Answers:

0

By "MQ" do you you mean "Websphere MQ" ?

If so, Wireshark can monitor (capture) and dissect MQ traffic.

However, Wireshark just dissects the bits.

Altho a particular dissector may provide some diagnostic information (e.g., about what appear to be incorrect fields in a message), Wireshark in general certainly doesn't "validate proper functionality" of a protocol.

answered 16 Feb '11, 09:47

Bill%20Meier's gravatar image

Bill Meier ♦♦
3.2k1850
accept rate: 17%

edited 16 Feb '11, 09:48

I.e., Wireshark can capture the traffic, and can dissect it and show you the details of the packets, so that you can look at those packets and see whether the programs sending the packets or replying to them are doing the right thing - Wireshark doesn't include a lot of functionality to check them itself. It also doesn't include any software to, for example, send test packets.

(17 Feb '11, 21:52) Guy Harris ♦♦

0

The WebSphere MQ protocol V6 is extensively supported in Wireshark. However, the MQ protocol V7 introduced new protocol features, implementing full-duplex instead of half-duplex channels. This adds 2 new magic headers, on top of the existing TSH header :
- TSHC for common channel commands (heartbeat, quiesce stop, …).
- TSHM for multiplexed sessions (for each MQHCONN).
Wireshark does not support yet the new TSHC and TSHM headers : they will be displayed as "[Malformed packet]".

In the meanwhile, it is possible to use a backward compatible mode, which uses the V6 protocol. It can be configured 2 ways :
- CLI (runmqsc) : configure the SHARECNV parameter to 0 on the server connection channel
- GUI (MQ Explorer) : go to Channel -> Extended -> Sharing conversations and enter 0.

answered 06 Apr '12, 12:29

metatech's gravatar image

metatech
162
accept rate: 0%

edited 01 Mar '13, 12:34

Anyone who would like to see the v7 protocol in Wireshark should check the Bugs database for an existing entry and if there isn't one create a new entry, marking it as an Enhancement and including a reference to the protocol specification and if possible adding a sample capture.

(07 Apr '12, 01:31) grahamb ♦

WebSphere MQ protocol v7 is now supported by Wireshark (see bug 8322). It is included in Wireshark 1.9.0 with a build number higher than 47641.

(12 Feb '13, 12:24) metatech