Wireshark · Wireshark-dev: Re: [Wireshark-dev] Parsing openflow

["Avi Cohen (A)" <avi.cohen@xxxxxxxxxx>]

Hi Dario

 

I can easily create a file with the  packets headers as a columns (the original headers of a pkt e.g eth ip tcp etc..)  – but I need the TCP payload fields (which are the flow headers)

For example I need to the surrounded fields in the picture below (or in the attached png), something like  tshark –T fileds –e OpenFlow.of_match.eth_src

This is probably incorrect  syntax because it is not generate the required filed columns

Best Regards

Avi

 

 

 

 

 

 

From: Wireshark-dev [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Dario Lombardo
Sent: Tuesday, 14 August, 2018 2:50 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Parsing openflow

 

Hi Avi

Have a look at tshark and its -E and -e options. That could do the job.

 

On Tue, Aug 14, 2018 at 1:19 PM Avi Cohen (A) <avi.cohen@xxxxxxxxxx> wrote:

Hi
I need to capture open-flow msgs  (e.g FLOW_MOD to add new flows) from controller to vSwitch ,
And to generate e.g.  a *file* which its rows are the captured flows and its  columns  are the flow header fields e.g. column 1 source-mac , column 2 dest-mac  , column 3 source-IP etc..  - whenever a field is not relevant I can set the fields as FFFF (don't care)
Also the action (actions)  should be put in a column   
I need this file as an input to an algorithm that should manipulate these flows ?

My question can I use the wireshark  pkg for this purpose ? if yes what is the recommended way   ?

Best Regards
Avi
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

 

--

Naima is online.

Attachment: avi.png
Description: avi.png