ICE iMpact Wireshark Dissector

Wireshark Compatibility Table

ICE iMpact Multicast Feed Wireshark custom dissector compatibility table:

| Dissector | Wireshark | Notes |
|---|---|---|
| icemulticast-spec1.22.dll | 1.12.13 (64-bit) | Typical plugin install path: "C:\Program Files\Wireshark\plugins\1.12.13" |
| icemulticast-spec1.34.dll | 2.0.3 (64-bit) | Typical plugin install path: "C:\Program Files\Wireshark\plugins\2.0.3" |
| icemulticast-spec1.42.dll | 3.0.5 (64-bit) | Typical plugin install path: "C:\Program Files\Wireshark\plugins\3.0\epan" |

Capture UDP Packets

To capture UDP packets, use the tcpdump tool:

$ sudo tcpdump -i $NIC udp and host $IP and port $PORT -w $FILENAME.pcap


For example, for ICE Futures Brent FOD Snapshots:

$ sudo tcpdump -i eth0 udp and host $IP and port 20230 -w ice-brent-fod-snapshots.pcap

The output will be:

tcpdump: listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes

When enough packets have been captured, press Ctrl+C to stop tcpdump:

1446 packets captured
1459 packets received by filter
0 packets dropped by kernel

Now you can open the ice-brent-fod-snapshots.pcap file in Wireshark.

Check PCAP for Sequence Errors

Open the PCAP file in Wireshark and make sure the protocol is set to ICEMULTICAST:

[Screenshot: Wireshark main window]

Then apply this filter:

icemulticast.seqerror == SequenceGap

If there are any sequence gap errors in the PCAP data, Wireshark should show them:

[Screenshot: Wireshark SequenceGap detected]

With this confirmation, you can start working with your Network Team to investigate it further.
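
Before escalating a SequenceGap result, it helps to rule out loss on the capture host: the "packets dropped by kernel" line in the tcpdump summary counts packets that reached the host but never made it into the PCAP. The script below is an added example, not part of the OnixS documentation; the function names capture_dropped and capture_is_clean and the log file name tcpdump.log are assumptions, and the second sample summary is constructed.

```shell
#!/bin/sh
# Added example (not OnixS code): read the summary tcpdump prints on exit and
# report whether the capture host itself lost packets.

# Print the total drop count found in a tcpdump summary read from stdin.
# Exits with status 2 when no "dropped by" line is present.
capture_dropped() {
    awk '
        /packets? dropped by (kernel|interface)/ { drops += $1; seen = 1 }
        END { if (!seen) exit 2; print drops + 0 }
    '
}

# Return 0 for a loss-free capture, 1 when packets were dropped,
# 2 when the input holds no tcpdump summary.
capture_is_clean() {
    dropped=$(capture_dropped) || return 2
    [ "$dropped" -eq 0 ]
}

# Summary lines as shown on this page.
SAMPLE_CLEAN='1446 packets captured
1459 packets received by filter
0 packets dropped by kernel'

# Constructed sample of a capture that lost packets on the capture host.
SAMPLE_LOSSY='1446 packets captured
1483 packets received by filter
37 packets dropped by kernel'

for summary in "$SAMPLE_CLEAN" "$SAMPLE_LOSSY"; do
    if printf '%s\n' "$summary" | capture_is_clean; then
        echo "capture is loss-free: any sequence gaps arrived that way"
    else
        echo "capture host dropped packets: gaps may be capture artifacts"
    fi
done

# With a real capture, keep tcpdump's stderr and check it afterwards:
#   sudo tcpdump -i "$NIC" udp and host "$IP" and port "$PORT" -w "$FILENAME.pcap" 2> tcpdump.log
#   capture_is_clean < tcpdump.log
```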