ICE iMpact Multicast Feed Wireshark Custom Dissector compatibity table:
| Dissector | Wireshark | Notes |
|---|---|---|
| icemulticast-spec1.22.dll | 1.12.13 (64-bit) | Typical plugin install path: "C:\Program Files\Wireshark\plugins\1.12.13" |
| icemulticast-spec1.34.dll | 2.0.3 (64-bit) | Typical plugin install path: "C:\Program Files\Wireshark\plugins\2.0.3" |
| icemulticast-spec1.42.dll | 3.0.5 (64-bit) | Typical plugin install path: "C:\Program Files\Wireshark\plugins\3.0\epan" |
To capture UDP packets use tcpdump tool:
$ sudo tcpdump -i $NIC udp and host $IP and port $PORT -w $FILENAME.pcap
where:
$NIC - Network interface name$IP - Multicast feed IP address$PORT - Multicast feed port number$FILENAME - The name of the PCAP fileFor example, for ICE Futures Brent FOD Snapshots :
$ sudo tcpdump -i eth0 udp and host 233.156.208.230 and port 20230 -w ice-brent-fod-snapshots.pcap
The output will be:
tcpdump: listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
When enough packets captured, use Ctrl+C to stop tcpdump:
^C
1446 packets captured
1459 packets received by filter
0 packets dropped by kernel
Now you can open ice-brent-fod-snapshots.pcap file in Wireshark.
Open PCAP file in Wireshark and make sure the PROTOCOL is set to the ICEMULTICAST:
Then apply this filter:
icemulticast.seqerror == SequenceGap
If there are any sequence gap errors in PCAP data, Wireshark should show it:
With this confirmation, you can start working with your Network Team to investigate it further.