

HOW TO: Set up Wireshark to display LBM packets
Informatica offers a Wireshark dissector plug-in that decodes Ultra Messaging (UM) traffic at a low level. This article shows you how to set up Wireshark to display the packets of UM protocols.


The plug-in is not a supported product. Therefore, any bug fixes, features or updates are at the discretion of Informatica, and are not part of the normal customer support process.


The UM dissectors are incorporated in Wireshark starting with the Wireshark 1.12.0 release. This means it is not necessary to install the plug-in separately, as the dissectors are part of that product.

But if you need to use an earlier release of Wireshark, the plug-in is available at in the directory /updates/Ultra Messaging (UM)/WireShark/. Log in with your usual MySupport credentials.


Installation consists of unzipping the downloaded package and placing the binary (named 29west.dll on Windows or for Linux) in the plugins directory of your Wireshark installation.

As an example, for a Wireshark 1.8.10 installation:

On Windows, place 29west.dll in the directory C:\Program Files\Wireshark\plugins\1.8.10

On Linux, the plugins path might be /usr/lib64/wireshark/plugins/1.8.10

To check that the plug-in is set up correctly, run Wireshark and, from the menu, navigate to Edit -> Preferences -> Protocols and see that 29West appears.

Supported UM protocols - UM packets displayed in Wireshark fall under one of these protocols:



| Protocol | Description |
| --- | --- |
| LBMC | LBMC Protocol, Control messages |
| LBMR | LBM Topic Resolution Protocol |
| LBT-RM | LBT Reliable Multicast Protocol |
| LBT-RU | LBT Reliable Unicast Protocol |
| LBT-TCP | LBT TCP Protocol |


To decode the packets, you need to tell Wireshark the characteristics (usually IP address, port) of the UM protocol(s) you are interested in.

(Note: The plug-in comes with default values that should work if UM applications are also operating under default settings. However, some amount of configuration is usually required, and the five steps below show how to do it):

  1. Create a Configuration Profile by right clicking Profile on the status bar or select it under the Edit menu.
    For more on the concept of Profiles, see notes under Domains below.
  2. Under the Edit menu, select Preferences.
  3. In the window that comes up, find 29West under Protocols in the tree list to the left.
  4. Expand 29West to see the five UM protocols: LBMC, LBMR, LBT-RM, LBT-RU, LBT-TCP.
  5. Set the option fields under each protocol to what your UM application is using.

The tables below show the correspondence between the Wireshark fields or labels and UM configuration options for each protocol. The option values are usually taken from a configuration file that the messaging application uses so have that configuration file handy while setting up a Wireshark profile.

LBMC Protocol: Use heuristic sub-dissectors should be checked.

The LBMR Protocol:

| Wireshark Label | UM Configuration Option | Notes |
| --- | --- | --- |
| Incoming multicast UDP port | resolver_multicast_incoming_port | Also resolver_multicast_port ("Also" means the named option can be used instead of the one under UM Configuration Option) |
| Incoming multicast address | resolver_multicast_incoming_address | Also resolver_multicast_address |
| Outgoing multicast UDP port | resolver_multicast_outgoing_port | Also resolver_multicast_port |
| Outgoing multicast address | resolver_multicast_outgoing_address | Also resolver_multicast_address |
| Unicast UDP port low | resolver_unicast_port_low | |
| Unicast UDP port high | resolver_unicast_port_high | |
| Unicast UDP destination port | resolver_unicast_destination_port | Port the resolver daemon listens on |
| Unicast resolver address | resolver_unicast_address | IP address of the resolver daemon |



The LBT-RM Protocol:

| Wireshark Label | UM Configuration Option | Notes |
| --- | --- | --- |
| Multicast address range low | transport_lbtrm_multicast_address_low | Also transport_lbtrm_multicast_address |
| Multicast address range high | transport_lbtrm_multicast_address_high | Also transport_lbtrm_multicast_address |
| Destination port range low | transport_lbtrm_destination_port | |
| Destination port range high | transport_lbtrm_destination_port | |
| Source port range low | transport_lbtrm_source_port_low | |
| Source port range high | transport_lbtrm_source_port_high | |
| MIM incoming multicast address | mim_incoming_address | |
| MIM outgoing multicast address | mim_outgoing_address | |
| MIM incoming port | mim_incoming_destination_port | |
| MIM outgoing port | mim_outgoing_destination_port | |



The LBT-RU Protocol:

| Wireshark Label | UM Configuration Option |
| --- | --- |
| Source port range low | context transport_lbtru_port_low |
| Source port range high | context transport_lbtru_port_high |
| Receiver port range low | receiver transport_lbtru_port_low |
| Receiver port range high | receiver transport_lbtru_port_high |
| Separate NAKs in Expert Info | |
| Separate NCFs in Expert Info | |


The LBT-TCP Protocol:

| Wireshark Label | UM Configuration Option | Notes |
| --- | --- | --- |
| Source port range low | context transport_tcp_port_low | |
| Source port range high | context transport_tcp_port_high | |
| Request port range low | context request_tcp_port_low | |
| Request port range high | context request_tcp_port_high | |
| UME Store port range low | | port in xml cfg <store name="S1" port="12345"> |
| UME Store port range high | | |
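
The tables above can be applied mechanically to a UM configuration file. The following is an added example, not part of the original article or the plug-in: it reads a UM flat configuration file and reports the value to enter for each Wireshark label, using the "Also" option only when the primary one is absent. The "<scope> <option> <value>" line format, the function names and the sample values are assumptions; only a subset of the table rows is included.

```python
# Assumed file format: "<scope> <option> <value>" per line, "#" starts a comment.
# label -> candidate UM options in priority order; the tables' "Also" option comes last.
FIELD_MAP = {
    "LBMR": {
        "Incoming multicast UDP port": ["resolver_multicast_incoming_port", "resolver_multicast_port"],
        "Incoming multicast address": ["resolver_multicast_incoming_address", "resolver_multicast_address"],
        "Outgoing multicast UDP port": ["resolver_multicast_outgoing_port", "resolver_multicast_port"],
        "Outgoing multicast address": ["resolver_multicast_outgoing_address", "resolver_multicast_address"],
    },
    "LBT-RM": {
        "Multicast address range low": ["transport_lbtrm_multicast_address_low", "transport_lbtrm_multicast_address"],
        "Multicast address range high": ["transport_lbtrm_multicast_address_high", "transport_lbtrm_multicast_address"],
        "Destination port range low": ["transport_lbtrm_destination_port"],
        "Destination port range high": ["transport_lbtrm_destination_port"],
    },
    "LBT-RU": {  # same option name in two scopes, so the scope is part of the key
        "Source port range low": ["context transport_lbtru_port_low"],
        "Receiver port range low": ["receiver transport_lbtru_port_low"],
    },
}

SAMPLE_CFG = """\
# constructed sample values, not from a real deployment
context resolver_multicast_address 239.1.2.3
context resolver_multicast_port 12965
context resolver_multicast_incoming_port 12970   # overrides the shared port
source  transport_lbtrm_destination_port 14400
context transport_lbtru_port_low 14380
receiver transport_lbtru_port_low 14360
"""

def parse_um_config(text):  # keys: "option" and "scope option"
    opts = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].strip().split(None, 2)
        if len(parts) == 3:  # skip blanks, comments and malformed lines
            scope, option, value = parts
            opts[f"{scope} {option}"] = value
            opts.setdefault(option, value)
    return opts

def wireshark_settings(text):
    """Return {(protocol, label): value or None}; None means keep the plug-in default."""
    opts = parse_um_config(text)
    return {(proto, label): next((opts[c] for c in cands if c in opts), None)
            for proto, rows in FIELD_MAP.items() for label, cands in rows.items()}

if __name__ == "__main__":
    for (proto, label), value in wireshark_settings(SAMPLE_CFG).items():
        print(f"{proto:7} {label:30} {value or '(default)'}")
```

Fields reported as (default) are not set in the configuration file, so the plug-in's built-in value applies only if the application also runs with the UM default.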



The LBMR, LBT-RM, LBT-RU and LBT-TCP protocols have a Use <protocol> domain table checkbox. This is an organizational feature that provides a way to have different sets of UM configurations (Domains) in one logical group called a Configuration Profile. 

A Configuration Profile is the highest organizational unit of packet captures. Only one Profile can be active at a time in a Wireshark instance, but each Profile can contain multiple Domains. A Profile can represent a user, discrete systems, reflect other organizational structures, etc. The name of the active Profile is displayed in the right hand pane of the status bar. A Profile is also useful to separate Domains that have the same values, making it impossible to differentiate between them in one Profile.

Each set of UM configurations is thought of as a Domain. For instance, a distributed deployment may use different UM configurations at each location or system. Each UM Domain can then be named as LAN1, LAN2, etc. The packets from that Domain are tagged with that name, which makes visualizing and differentiating UM traffic from multiple Domains easier. 

More Information

To download the plug-in, log in at and navigate to the directory /updates/Ultra Messaging (UM)/WireShark/

Applies To
Product: Ultra Messaging
User Type: Architect; Developer
Last Modified Date: 7/8/2014 9:53 PM
ID: 138613