Debugging using Wireshark

In the Debugging RabbitMQ's messages recipe, we have seen how to trace messages going to/from RabbitMQ.

However, it is not always possible, or desirable, to stop a running client (or a RabbitMQ server), modify its connection port, and point it to a different one; we just want to monitor the messages that are passing in real-time, impacting the system activity as little as possible.

Tip

However, it's possible to activate the firehose tracer as seen in the recipe, Tracing RabbitMQ's ongoing activity.

Wireshark is a free network analysis tool that has the capability to decode AMQP messages. This tool can be used either on the client side or on the server side to monitor the AMQP traffic flow seamlessly.

Getting ready

To exercise this recipe, you need RabbitMQ up and running and the RabbitMQ Java client library.

How to do it...

In the following steps, we are going to see how to use Wireshark to trace the AMQP messages:

  1. If not already available on your system, download and install Wireshark from http://www.wireshark.org/. You can also install it for your distribution if it is available, for example, with:
    yum install wireshark-gnome
    
  2. Start Wireshark on Linux as the root user.
  3. Start to capture from the loopback interface.
  4. From a terminal in the Java client library path, run the command:
    ./runjava.sh com.rabbitmq.examples.PerfTest -C 1 -D 1
    
  5. Stop the acquisition from the Wireshark GUI and analyze the captured AMQP traffic.

How it works...

Using Wireshark, it is possible to inspect the AMQP traffic exiting or entering a server that is hosting a RabbitMQ server or client.

In our example, we captured the network traffic with both the client and the server running on the same machine, so they connect through localhost. That's why we captured the traffic from the loopback interface (step 3 of the previous steps).

Otherwise, we should capture the traffic from the network interface, usually eth0 or something similar.

Tip

While on Linux it's possible to capture traffic directed to localhost, the same does not apply to Windows. In this case, the client and the server must be on two different machines, and the capture must be activated on the network interface (either physical or virtual) that connects them.

So, when the RabbitMQ client and the server run on the same node, you need to select the loopback interface in the Wireshark graphical user interface, as shown in the following screenshot:


Tip

On Linux, when you install the Wireshark package, you usually will have the command line interface only, tshark. To have Wireshark with the GUI installed, you have to install the appropriate package. For example, on Fedora, you have to install the wireshark-gnome package.

Once the AMQP traffic has travelled through the loopback interface, it has been captured by Wireshark.

The experiment run in step 4 of the previous steps actually starts both a producer and a consumer with two separate connections.

In order to highlight it, find a packet described as Basic.PublishContent-Header, right-click on it, and select Follow TCP stream. You can then close the window showing the payload dialogue between the client and the server. In the main window, you can now see the network packets that are exchanged between the client and the server, as shown in the following screenshot:


In the same way, you can select the traffic exiting the RabbitMQ server, as shown in the following screenshot:


In the previous two screenshots, we have highlighted the AMQP payload of both messages, but you will find plenty of details in the AMQP traffic, thanks to the fact that Wireshark includes a very complete AMQP dissector.
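To make concrete what the dissector is decoding, the following added example (not code from this recipe or from Wireshark) parses the AMQP 0-9-1 framing of one direction of a TCP stream: the protocol header, then frames of type, channel, size, payload and a 0xCE end octet. The sample bytes are constructed, the helper names are hypothetical, and only a small subset of method IDs is mapped.

```python
import struct

FRAME_END = 0xCE  # every AMQP 0-9-1 frame is terminated by this octet
FRAME_TYPES = {1: "METHOD", 2: "HEADER", 3: "BODY", 8: "HEARTBEAT"}
# Small subset of (class-id, method-id) pairs from the AMQP 0-9-1 specification
METHODS = {(10, 10): "Connection.Start", (20, 10): "Channel.Open",
           (60, 40): "Basic.Publish", (60, 60): "Basic.Deliver"}

def shortstr(buf, off):  # length-prefixed short string -> (text, next offset)
    n = buf[off]
    return buf[off + 1:off + 1 + n].decode("utf-8", "replace"), off + 1 + n

def parse_frames(stream):
    """Decode one direction of a reassembled TCP stream into frame summaries."""
    out, off = [], 0
    if stream[:4] == b"AMQP":  # 8-byte protocol header sent first by the client
        out.append(("PROTOCOL-HEADER", 0, stream[4:8].hex()))
        off = 8
    while off < len(stream):
        if len(stream) - off < 8:  # 7-byte frame header plus the end octet
            raise ValueError("truncated frame header at offset %d" % off)
        ftype, channel, size = struct.unpack_from(">BHI", stream, off)
        end = off + 7 + size
        if end >= len(stream) or stream[end] != FRAME_END:
            raise ValueError("bad or missing frame-end at offset %d" % off)
        payload = stream[off + 7:end]
        if ftype == 1:  # method frame: class-id, method-id, then arguments
            cls, meth = struct.unpack_from(">HH", payload)
            detail = METHODS.get((cls, meth), "%d.%d" % (cls, meth))
            if (cls, meth) == (60, 40):  # reserved short, exchange, routing key
                exch, p = shortstr(payload, 6)
                rkey, _ = shortstr(payload, p)
                detail += " x=%r rk=%r" % (exch, rkey)
        elif ftype == 2:  # content header: class-id, weight, body size
            cls, _weight, body_size = struct.unpack_from(">HHQ", payload)
            detail = "class=%d body-size=%d" % (cls, body_size)
        else:
            detail = "%d bytes" % size
        out.append((FRAME_TYPES.get(ftype, "UNKNOWN"), channel, detail))
        off = end + 1
    return out

def frame(ftype, channel, payload):  # builds frames for the constructed sample
    return struct.pack(">BHI", ftype, channel, len(payload)) + payload + bytes([FRAME_END])

# Constructed sample: publish "hello" to the default exchange, routing key "test"
SAMPLE = (b"AMQP\x00\x00\x09\x01"
          + frame(1, 1, struct.pack(">HHH", 60, 40, 0) + b"\x00\x04test\x00")
          + frame(2, 1, struct.pack(">HHQH", 60, 0, 5, 0)) + frame(3, 1, b"hello"))
```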

There's more...

In case RabbitMQ is configured to use SSL and you want to analyze the encrypted traffic, this is possible under some given conditions by properly configuring the SSL public/private keys in the Wireshark configuration.

Find more information at http://wiki.wireshark.org/SSL.

See also

You can find some references to the Wireshark AMQP dissector at http://wiki.wireshark.org/AMQP.
