LISP dissector for Wireshark

Wireshark is a popular open source network packet analyzer that allows decoding of protocol data for a very large number of network protocols.

Lorand Jakab implemented and maintains a decoding dissector of LISP data and control packets for Wireshark that is currently part of the official stable release.  Each new dissector release adds new features. However, stable releases typically happen only once a year, and during that time new LISP dissector features are only available from Lorand's official github repository or from the fork that you can find on LISPmob github page.

The code is organized in two files, one for data plane packets (packet-lisp-data.c), and another for control plane packets (packet-lisp.c). These files should be used to overwrite the upstream version in the epan/dissectors directory in the Wireshark source tree. The standard Wireshark source build procedure must be followed afterwards  to build the network analyzer.


LIG is a command line tool described on the LISP Internet Groper (LIG) RFC  that can be used to query the lisp mapping database.

LISPmob team has extended David Mayer's LIG implementation to provide further functionalities beyond the ones on the RFC:

  • Send Encapsulate Map Request and process answer
  • Send Map Request and process answer
  • Send Map Register

All messages are full configurable providing a Swiss army knife for LISP administrators and testers.

To obtain more information about LIG-LISPmob, check its man page.