Setting up the development environment

  1. Make sure that you are using a clean and recently updated Ubuntu 18.04. This environment assumes you’re running as a non-root user with sudo access.

  2. We use Bazel for both building and testing. To pin the Bazel version in the repository, we use the bazelisk wrapper around Bazel. To set it up, use:


    and make sure that ~/bin is on your PATH.

    You can also manually install bazelisk and create an alias so that bazel will resolve to the bazelisk command.

  3. Next, clone the SCION repository into the appropriate directory inside your workspace. In the commands below, replace ${WORKSPACE} with the directory in which you want to set up the project:

    cd ${WORKSPACE}
    git clone
    cd scion

  4. For this step, make sure you are in the scion repository root. To install the required dependencies, run:

  5. Install docker. Please follow the instructions for docker-ce. Then, add your user to the docker group: sudo usermod -a -G docker ${LOGNAME}, where ${LOGNAME} is replaced with your user name. Log out and log back in so that your membership of the docker group is seen by the shell session.

    Optionally install docker-compose. This is needed if you want to run the docker-compose based test topology setup instead of the default setup based on supervisord. Please follow the instructions for docker-compose.

  6. Start the bazel-remote container.

    We use bazel-remote to cache build artifacts from Bazel. Bazel-remote manages its disk space and does not grow without bound like Bazel's built-in disk cache. To start bazel-remote, run:

    ./ bazel_remote

  7. SCION networks are composed of many different applications. To simplify testing, we provide a tool that generates test topologies. To generate the files required by the default topology (see doc/fig/default_topo.png for a diagram of this topology), run:

    ./ topology

    The above command creates the gen directory, which contains configuration files and cryptographic material for multiple SCION ASes and ISDs.

  8. To start the infrastructure we just generated, run:

    ./ run

  9. To verify that your topology is running correctly, you can run an end-to-end reachability test using:

  10. To stop the infrastructure, run:

    ./ stop

  11. Finally, check that unit tests run correctly:

    ./ test

  12. (Optional) If you already have some code you wish to contribute upstream, you can also run the linters locally with:

    ./ lint


To inspect SCION packets that are sent over the wire it can be helpful to use Wireshark. We use version 3.x of Wireshark, which is not shipped by default on Ubuntu 18.04. To install it use:

sudo add-apt-repository ppa:wireshark-dev/stable
sudo apt-get update
sudo apt-get install wireshark

To use the SCION dissector you need to install it:

mkdir -p ~/.wireshark/plugins
cp tools/wireshark/scion.lua ~/.wireshark/plugins

After that, you can test it by running a topology and using a SCION filter, for example:

tshark -Y 'scion.dst_as == "ff00:0:110"'

Work remotely with Wireshark

Sometimes it can be handy to use the remote capture feature of Wireshark to tap into an interface on a different machine.

  1. Install Wireshark on your local OS.

    • For Ubuntu install as described in the steps above.
    • For macOS and Windows, download and install it from the Wireshark website.

  2. Install the dissector plugin.

    To install the dissector Lua plugin, copy it into the plugin folder of Wireshark:

    • Ubuntu: same as in the previous step
    • Windows: %APPDATA%\Wireshark\plugins
    • macOS: /Applications/

    Create the folder if it doesn’t exist. (For more details, see “Plugin folders” on the Wireshark website.)

  3. Prepare the remote machine

    Install tcpdump:

    sudo apt-get install tcpdump

    The user that you use to SSH into the remote machine needs full access to tcpdump. To grant it, create a new group and add this user to the group. SSH into the remote machine and execute:

    sudo groupadd pcap
    sudo usermod -a -G pcap $USER

    Set this group as the owner of tcpdump:

    sudo chgrp pcap /usr/sbin/tcpdump
    sudo chmod 750 /usr/sbin/tcpdump

    Give tcpdump the necessary permissions:

    sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump


    This allows every member of the pcap group to use the full capabilities of tcpdump, so add only users who need to capture traffic on this machine.

  4. Figure out which network interface on the remote host you want to tap into: get an IP address used by the SCION topology, which is probably running with docker, and find the network interface that has an address in the corresponding subnet.

  5. Start Wireshark and click on the gear next to the interface named “SSH remote capture: sshdump”. Fill in the IP address and port of the remote host, as well as your preferred authentication method in the Authentication tab. In the Capture tab, enter the name of the interface you found in the previous step. Find a screenshot of an example below:

  6. Now you are ready to click Start and investigate some SCION traffic.
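
Checks for steps 3 and 4 on the remote machine, as an added example that is not part of the SCION repository: `iface_for_ip` finds the interface whose subnet contains a topology address, and `tcpdump_perms_ok` confirms the group, mode and capabilities set in step 3. The function names, the sample `ip` output and the address 172.20.0.22 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the SCION repository): checks for steps 3 and 4.

# Dotted-quad IPv4 -> integer; the subshell body keeps the IFS change local.
ip2int() (
  IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Step 4: reads `ip -o -4 addr show` output on stdin and prints each
# interface whose subnet contains the IPv4 address passed as $1.
iface_for_ip() (
  target=$(ip2int "$1")
  while read -r idx name fam cidr rest; do
    [ "$fam" = inet ] || continue
    case $cidr in
      */*) len=${cidr#*/} ;;
      *)   len=32 ;;   # peer-style entry without a prefix length
    esac
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    net=$(ip2int "${cidr%/*}")
    if [ $(( $net & $mask )) -eq $(( $target & $mask )) ]; then
      echo "$name"
    fi
  done
)

# Step 3: $1 is the output of `stat -c '%G %a' /usr/sbin/tcpdump`,
# $2 the output of `getcap /usr/sbin/tcpdump`. Older libcap prints
# "= caps+eip", newer releases print "caps=eip"; both are accepted.
tcpdump_perms_ok() {
  [ "$1" = "pcap 750" ] || return 1
  case $2 in
    *cap_net_admin*cap_net_raw[=+]eip|*cap_net_raw*cap_net_admin[=+]eip) return 0 ;;
  esac
  return 1
}

# Constructed sample of `ip -o -4 addr show` output (not from a real host).
SAMPLE='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
3: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0\       valid_lft forever preferred_lft forever
4: br-0a1b2c3d4e5f    inet 172.20.0.1/24 brd 172.20.0.255 scope global br-0a1b2c3d4e5f\       valid_lft forever preferred_lft forever'

# 172.20.0.22 is a constructed stand-in for an address used by the topology.
printf '%s\n' "$SAMPLE" | iface_for_ip 172.20.0.22
```

On the remote host, pipe the real `ip -o -4 addr show` output into `iface_for_ip` and pass the real `stat` and `getcap` output to `tcpdump_perms_ok`.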