Differences between revisions 1 and 2
Revision 1 as of 2007-03-10 09:26:33
Size: 1047
Editor: JoostDamad
Comment:
Revision 2 as of 2008-04-12 17:50:27
Size: 1053
Editor: localhost
Comment: converted to 1.6 markup
Deletions are marked like this. Additions are marked like this.
Line 12: Line 12:
 * ["TCP"]: Typically, EPMD uses ["TCP"] as its transport protocol. The well known TCP port for EPMD traffic is 4369.  * [[TCP]]: Typically, EPMD uses [[TCP]] as its transport protocol. The well known TCP port for EPMD traffic is 4369.
Line 21: Line 21:
 * attachment:SampleCaptures/epmd.pcap  * [[attachment:SampleCaptures/epmd.pcap]]
Line 25: Line 25:
A complete list of EPMD display filter fields can be found in the [http://www.wireshark.org/docs/dfref/e/epmd.html display filter reference] A complete list of EPMD display filter fields can be found in the [[http://www.wireshark.org/docs/dfref/e/epmd.html|display filter reference]]

Erlang Port Mapper Daemon (EPMD)

EPMD (Erlang Port Mapper Daemon) messages are the messages sent between Erlang nodes and the empd process. The message formats are derived from the * lib/kernel/src/erl_epmd.* files as part of the Erlang distribution available from http://www.erlang.org/

Erlang is a functional programming language.

Protocol dependencies

  • TCP: Typically, EPMD uses TCP as its transport protocol. The well known TCP port for EPMD traffic is 4369.

Wireshark

The EPMD dissector is fully functional, except that the names part of the Names message are not dissected. The dissector uses a simple heuristic to decide if a packet is really an EPMD message: it tries to find the message type code at the correct byte in the message.

Example capture file

Display Filter

A complete list of EPMD display filter fields can be found in the display filter reference

EPMD (last edited 2008-04-12 17:50:27 by localhost)