Wireshark Installation
During the installation of Wireshark, it is essential to select the component UDPdump under Choose Components to install. This component is required for capturing HEP traffic over UDP. Please note that it cannot be installed afterward, so make sure to include it during the initial setup.
To enable decoding and analysis of HEP packets, Wireshark requires the installation of a Lua-based HEPWireshark dissector for HEP protocol plugin. Without this plugin, HEP-encapsulated SIP messages cannot be properly interpreted or displayed.
To install the plugin, open Wireshark and navigate to Help > About Wireshark, then switch to the Folders tab. Click the path listed under Personal Lua Plugins. If the target folder does not yet exist, Wireshark will offer to create it. Confirm this prompt by selecting .
Get the Wireshark dissector for HEP protocol plugin Use the download raw file function in the upper right corner.
Once the personal lua plugins folder folder for Wireshark is available, place the Lua HEP plugin file into that directory and restart Wireshark.
After restarting Wireshark, go to the Welcome to Wireshark start screen.
Under UDP Listener remote capture, click the gear icon to edit the default settings.
By default, anynode sends SIP flow data via the standard HEP port 9000, so make sure this port is correctly configured in the settings.
In the Payload type field, enter hep.
This step is crucial because Wireshark uses the specified payload type to correctly interpret the
incoming data. Setting it to hep ensures that the Lua plugin processes the packets using the correct
dissector logic for HEPv3 encapsulation.
Click to confirm the configuration.
