Re: [Wireshark-dev] Parsing openflow
Ok – Now it works thanks to all three of you

Best Regards
Avi

From: Wireshark-dev [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Shai Shapira
Sent: Wednesday, 15 August, 2018 5:17 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Parsing openflow

Hey Avi

The syntax you need to use in TShark’s -e option is the same one you’d use in the filter in Wireshark.
An easy way to find what that would be is by clicking the field you want to export and look in the status bar in Wireshark, the value in the brackets will be the filter.
Example for a field in SSL:
[image]

Good luck

___
Sent via: Wireshark-dev mailing list
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Parsing openflow
Thank you Dario and Graham

I probably did not explain well what I wanted to do.
I need to capture real traffic of openflow protocol (actually only the specific msg-type “of-flow-add”) and to filter in e.g. the fields surrounded in the picture below. It can be tshark or wireshark.
Then on the 2nd stage I want to generate a file which its rows are flows and its columns are these filtered fields

Best Regards
Avi

[image]

From: Wireshark-dev [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Graham Bloice
Sent: Wednesday, 15 August, 2018 6:15 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Parsing openflow

On Wed, 15 Aug 2018 at 16:04, Dario Lombardo <lom...@gmail.com> wrote:

> Try to right-click on the field you want to extract and choose "prepare a
> filter -> selected". In the upper part of wireshark a filter with the field
> you want will appear. That's the name of the field. However, if you used an
> invalid name before, tshark would tell you (tshark: Some fields aren't
> valid:). Remember that if a packet doesn't have that field, nothing will be
> printed. Make some practice with easier fields (I suggest ip.src) if you're
> not used to those tshark options.

No need to create a filter, select the field in the packet tree and look for the field name in the status bar in parenthesis.

--
Graham Bloice
Software Developer
Trihedral UK Limited
Re: [Wireshark-dev] Parsing openflow
Hey Avi

The syntax you need to use in TShark’s -e option is the same one you’d use in the filter in Wireshark.
An easy way to find what that would be is by clicking the field you want to export and look in the status bar in Wireshark, the value in the brackets will be the filter.
Example for a field in SSL:

Good luck

From: Avi Cohen (A)
Sent: Wednesday, August 15, 2018 17:08
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Parsing openflow

Hi Dario

I can easily create a file with the packet headers as columns (the original headers of a pkt e.g. eth ip tcp etc.) – but I need the TCP payload fields (which are the flow headers)
For example I need the surrounded fields in the picture below (or in the attached png), something like tshark –T fileds –e OpenFlow.of_match.eth_src
This is probably incorrect syntax because it does not generate the required field columns

Best Regards
Avi
Re: [Wireshark-dev] Parsing openflow
On Wed, 15 Aug 2018 at 16:04, Dario Lombardo wrote:

> Try to right-click on the field you want to extract and choose "prepare a
> filter -> selected". In the upper part of wireshark a filter with the field
> you want will appear. That's the name of the field. However, if you used an
> invalid name before, tshark would tell you (tshark: Some fields aren't
> valid:). Remember that if a packet doesn't have that field, nothing will be
> printed. Make some practice with easier fields (I suggest ip.src) if you're
> not used to those tshark options.

No need to create a filter, select the field in the packet tree and look for the field name in the status bar in parenthesis.

--
Graham Bloice
Software Developer
Trihedral UK Limited
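The file requested at the start of this thread (one row per FLOW_MOD, one column per match field, `*` for "don't care"), as an added example that is not code from any poster or from the Wireshark project. It pairs each OXM field code with its value, because `-T fields` prints all values of one type together in a single cell and prints nothing for a field the packet lacks. Assumptions: OpenFlow 1.3 dissector field names (`openflow_v4.*`, to be confirmed in the status bar), one FLOW_MOD per frame and no set-field actions; the output column names, the `;` aggregator and the sample rows are constructed.

```python
import csv
import io
# ASSUMED OpenFlow 1.3 dissector field names; confirm each in Wireshark's status bar.
F_CODE = "openflow_v4.oxm.field"
F_MAC = "openflow_v4.oxm.value_etheraddr"
F_IP4 = "openflow_v4.oxm.value_ipv4addr"
FIELDS = ["frame.number", F_CODE, F_MAC, F_IP4]
# OXM codes from the OpenFlow 1.3 spec -> (output column, field holding the value)
OXM = {3: ("eth_dst", F_MAC), 4: ("eth_src", F_MAC),
       11: ("ipv4_src", F_IP4), 12: ("ipv4_dst", F_IP4)}
COLUMNS = ["frame", "eth_src", "eth_dst", "ipv4_src", "ipv4_dst", "unmapped"]
DONT_CARE = "*"

def tshark_cmd(pcap):
    """tshark invocation whose output pivot() expects (FLOW_MOD is type 14)."""
    cmd = ["tshark", "-r", pcap, "-Y", "openflow_v4.type == 14", "-T", "fields",
           "-E", "header=y", "-E", "occurrence=a", "-E", "aggregator=;"]
    for name in FIELDS:
        cmd += ["-e", name]
    return cmd

def split(cell):
    # tshark prints nothing for an absent field: empty cell -> empty list
    return cell.split(";") if cell else []

def pivot(text):
    """One row per FLOW_MOD, one column per match field, '*' where absent."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text), delimiter="\t"):
        row = dict.fromkeys(COLUMNS, DONT_CARE)
        row["frame"] = rec["frame.number"]
        # Values of one type come out in packet order; consume them per code.
        queues = {f: iter(split(rec[f])) for f in (F_MAC, F_IP4)}
        unmapped = []
        for code in map(int, split(rec[F_CODE])):
            if code in OXM:
                column, source = OXM[code]
                row[column] = next(queues[source], DONT_CARE)
            else:
                unmapped.append(str(code))  # alignment unverified for this row
        row["unmapped"] = ";".join(unmapped) or DONT_CARE
        rows.append(row)
    return rows

# Constructed sample of tshark output (tab-separated, header=y), not a capture.
SAMPLE = ("\t".join(FIELDS) + "\n"
          "12\t4;3;11\t00:00:00:00:00:01;00:00:00:00:00:02\t10.0.0.1\n"
          "15\t12;5\t\t10.0.0.9\n"
          "19\t\t\t\n")
```

Rows whose `unmapped` column is not `*` carry OXM codes outside the table; extend `OXM` for them before trusting the pairing, since another code may share a value field.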
Re: [Wireshark-dev] Parsing openflow
Thank you Dario

From: Wireshark-dev [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Dario Lombardo
Sent: Tuesday, 14 August, 2018 2:50 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Parsing openflow

Hi Avi

Have a look at tshark and its -E and -e options. That could do the job.
Re: [Wireshark-dev] Parsing openflow
Hi Avi

Have a look at tshark and its -E and -e options. That could do the job.

On Tue, Aug 14, 2018 at 1:19 PM Avi Cohen (A) wrote:

> Hi
> I need to capture open-flow msgs (e.g FLOW_MOD to add new flows) from
> controller to vSwitch ,
> And to generate e.g. a *file* which its rows are the captured flows and
> its columns are the flow header fields e.g. column 1 source-mac , column
> 2 dest-mac , column 3 source-IP etc.. - whenever a field is not relevant
> I can set the fields as (don't care)
> Also the action (actions) should be put in a column
> I need this file as an input to an algorithm that should manipulate these
> flows ?
>
> My question can I use the wireshark pkg for this purpose ? if yes what is
> the recommended way ?
>
> Best Regards
> Avi

--
Naima is online.
[Wireshark-dev] Parsing openflow
Hi

I need to capture open-flow msgs (e.g FLOW_MOD to add new flows) from controller to vSwitch,
And to generate e.g. a *file* which its rows are the captured flows and its columns are the flow header fields e.g. column 1 source-mac, column 2 dest-mac, column 3 source-IP etc.. - whenever a field is not relevant I can set the fields as (don't care)
Also the action (actions) should be put in a column
I need this file as an input to an algorithm that should manipulate these flows ?

My question can I use the wireshark pkg for this purpose ? if yes what is the recommended way ?

Best Regards
Avi