Download the latest version of the plugin:

```
rm -f /Applications/Wireshark.app/Contents/PlugIns/wireshark/solana.lua
curl --output /Applications/Wireshark.app/Contents/PlugIns/wireshark/solana.lua \
  --proto '=https' --tlsv1.2 -sSf \
  https://raw.githubusercontent.com/firedancer-io/solana_dissector/main/solana.lua
```
To activate, hit Cmd+Shift+L or restart Wireshark.
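
A Lua plugin runs inside the Wireshark process, so it helps to install a copy you have reviewed rather than whatever `main` currently serves. The script below is an added example, not part of the plugin's own instructions: it downloads to a temporary file, checks a pinned SHA-256, and only then replaces the installed plugin. The commit and hash arguments are placeholders you supply, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: verify solana.lua against a pinned SHA-256 before installing.
# PLUGIN_DIR is the path used in the install command above. The commit and
# expected hash are placeholders: record them after reviewing the file yourself.

PLUGIN_DIR="/Applications/Wireshark.app/Contents/PlugIns/wireshark"
REPO_RAW="https://raw.githubusercontent.com/firedancer-io/solana_dissector"

# Print the SHA-256 of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# install_verified SRC DEST EXPECTED_SHA256
# Copies SRC over DEST only if its hash matches; otherwise DEST is untouched.
install_verified() {
  local src="$1" dest="$2" expected="$3" actual
  actual="$(sha256_of "$src")" || return 2
  if [ "$actual" != "$expected" ]; then
    echo "hash mismatch: got $actual" >&2
    return 1
  fi
  # Stage next to the destination so the final rename is atomic.
  cp "$src" "$dest.new" && mv -f "$dest.new" "$dest"
}

# fetch_and_install COMMIT EXPECTED_SHA256
# Same curl flags as above, but pinned to a commit instead of the main branch.
fetch_and_install() {
  local commit="$1" expected="$2" tmp rc=0
  tmp="$(mktemp)" || return 2
  { curl --output "$tmp" --proto '=https' --tlsv1.2 -sSf \
      "$REPO_RAW/$commit/solana.lua" &&
    install_verified "$tmp" "$PLUGIN_DIR/solana.lua" "$expected"; } || rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Usage (placeholders, not real values):
#   fetch_and_install <COMMIT_SHA> <EXPECTED_SHA256>
```

Unlike the `rm -f` followed by `curl` sequence, a failed download or a hash mismatch leaves the previously installed plugin in place.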
Solana nodes allocate ports in a block starting at an arbitrary number. To discover endpoints, nodes use the gossip protocol to send each other port mappings.
This plugin doesn't implement mappings yet and instead hardcodes ports:
- 8000: Gossip
- 8001, 8002: Shreds
- 8008, 8009: Repair
This might get fixed in the future, but for now, you have to use "Decode As" to select a protocol if the hardcoded mapping fails.
Provided mev-protos are added to the Wireshark search path, solana_dissector will decode Solana Transactions occurring in bundles received via gRPC.
- 🚧 Gossip protocol
  - Messages
    - ✅ Pull Request
    - ✅ Pull Response
    - ✅ Push Message
    - ✅ Prune Message
    - ✅ Ping Message
    - ✅ Pong Message
  - Types
    - ✅ Socket Address
    - ✅ Transaction (legacy)
    - ❌ Transaction (v0)
  - CRDS
    - ✅ Contact Info
    - ✅ Vote
    - ❌ Vote program data
    - ✅ Lowest Slot
    - ✅ Snapshot Hashes
    - ✅ Accounts Hashes
    - ✅ Epoch Slots
    - ✅ Legacy Version
    - ✅ Version
    - ✅ Node Instance
    - ❌ Duplicate Shred
    - ✅ Incremental Snapshot Hashes
- Messages
- ✅ Shreds
- ✅ Legacy Shreds
- ✅ Merkle Shreds
- ✅ Chained Merkle Shreds
- ✅ Chained Resigned Merkle Shreds
- ❌ FEC Recovery
- ✅ Repair
- ✅ Legacy types
- ✅ Pong
- ✅ WindowIndex
- ✅ HighestWindowIndex
- ✅ Orphan
- ✅ AncestorHashes
- ✅ TPU (UDP)
- 🚧 TPU (QUIC)
  - If solana-tpu QUIC traffic doesn't dissect, run "Reload Lua plugins"
- ✅ mev-protos