Wireshark-dev: Re: [Wireshark-dev] Parsing openflow
From: Shai Shapira <[email protected]>
Date: Wed, 15 Aug 2018 17:16:44 +0300

Hey Avi

The syntax you need to use in TShark’s -e option is the same one you’d use in the filter in Wireshark.

An easy way to find what that would be is by clicking the field you want to export and looking at the status bar in Wireshark: the value in the brackets will be the filter name.

Example for a field in SSL:


Good luck
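As an added example (not code from this thread or from the Wireshark project), the approach above put into a script: tshark exports the match fields and action types of every OpenFlow 1.0 FLOW_MOD as one CSV row per message, and a small awk step fills cells that tshark left empty with the "FFFF" don't-care marker. The field abbreviations, the FLOW_MOD message type value (14 in OpenFlow 1.0) and the port are assumptions; `check_fields` verifies the names against `tshark -G fields`, which is the same list the status bar draws from.

```bash
#!/bin/bash
# Added example, not code from the thread. Exports the match fields and action
# types of every OpenFlow 1.0 FLOW_MOD in a capture as one CSV row per message,
# then replaces cells tshark left empty with a don't-care marker.
#
# Assumptions (verify against your own Wireshark build):
#   - the controller/switch session is OpenFlow 1.0 on TCP port $OF_PORT
#   - the abbreviations in FIELDS exist in the openflow_10 dissector; the
#     authoritative list is `tshark -G fields` (or the status bar in Wireshark)
#   - OFPT_FLOW_MOD is message type 14 in OpenFlow 1.0
set -e

OF_PORT=6653   # assumed controller port; 6633 is the other common one

# Assumed field abbreviations: wildcards bitmask, match fields, action type.
FIELDS="openflow_10.ofp_match.wildcards
openflow_10.ofp_match.dl_src
openflow_10.ofp_match.dl_dst
openflow_10.ofp_match.nw_src
openflow_10.ofp_match.nw_dst
openflow_10.ofp_action.type"

# check_fields: report every name in FIELDS that this tshark does not know.
# `tshark -G fields` prints one field per line, tab separated:
#   F<TAB>display name<TAB>abbreviation<TAB>type<TAB>...
check_fields() {
    known=$(mktemp)
    tshark -G fields | awk -F'\t' '$1 == "F" { print $3 }' | sort > "$known"
    missing=0
    for f in $FIELDS; do
        grep -qx "$f" "$known" || { echo "unknown field: $f" >&2; missing=1; }
    done
    rm -f "$known"
    return $missing
}

# dump_flow_mods <pcap>: one CSV row per FLOW_MOD. A FLOW_MOD with several
# actions carries several openflow_10.ofp_action.type values; occurrence=a
# keeps all of them, joined by the aggregator, instead of only the first.
dump_flow_mods() {
    pcap="$1"
    args=""
    for f in $FIELDS; do args="$args -e $f"; done
    # shellcheck disable=SC2086   # $args is intentionally word-split
    tshark -r "$pcap" \
        -d "tcp.port==$OF_PORT,openflow" \
        -Y 'openflow_10.type == 14' \
        -T fields -E header=y -E separator=, -E quote=n \
        -E occurrence=a -E aggregator='|' \
        -e frame.number $args
}

# fill_dont_care <marker>: CSV on stdin to CSV on stdout. tshark leaves a cell
# empty when the field does not occur in the message (no action, for example);
# replace those cells with the marker the consumer expects, e.g. FFFF.
fill_dont_care() {
    awk -F, -v OFS=, -v m="$1" '
        NR == 1 { print; next }
        { for (i = 1; i <= NF; i++) if ($i == "") $i = m; print }'
}

# Usage: ./of_flow_mods.sh capture.pcapng > flows.csv
if [ $# -ge 1 ]; then
    check_fields
    dump_flow_mods "$1" | fill_dont_care FFFF
fi
```

One caveat for OpenFlow 1.0 specifically: ofp_match is a fixed-size struct, so the dissector shows dl_src, nw_src and the rest for every FLOW_MOD even when the flow does not match on them; the wildcards bitmask, exported here as the first column, is what says which of those values are really don't-care, so the consumer should mask on it rather than on empty cells. For OpenFlow 1.3 the match is OXM TLVs and absent fields simply do not appear, but the field names live under a different dissector (openflow_v4), so the names above would need to be looked up again.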


From: Avi Cohen (A)
Sent: Wednesday, August 15, 2018 17:08
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Parsing openflow


Hi Dario


I can easily create a file with the packet headers as columns (the original headers of a packet, e.g. eth, ip, tcp, etc.), but I need the TCP payload fields (which are the flow headers).

For example, I need the surrounded fields in the picture below (or in the attached png), something like tshark -T fields -e OpenFlow.of_match.eth_src

This is probably incorrect syntax, because it does not generate the required field columns.

Best Regards

Avi


From: Wireshark-dev [mailto:[email protected]] On Behalf Of Dario Lombardo
Sent: Tuesday, 14 August, 2018 2:50 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Parsing openflow


Hi Avi

Have a look at tshark and its -E and -e options. That could do the job.


On Tue, Aug 14, 2018 at 1:19 PM Avi Cohen (A) <[email protected]> wrote:

Hi
I need to capture OpenFlow messages (e.g. FLOW_MOD to add new flows) from the controller to the vSwitch,
and to generate e.g. a *file* whose rows are the captured flows and whose columns are the flow header fields, e.g. column 1 source MAC, column 2 dest MAC, column 3 source IP, etc. Whenever a field is not relevant I can set the field to FFFF (don't care).
Also the action (actions) should be put in a column.
I need this file as an input to an algorithm that should manipulate these flows.

My question: can I use the Wireshark package for this purpose? If yes, what is the recommended way?

Best Regards
Avi
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-[email protected]?subject=unsubscribe

