Thank you Dario and Graham
I probably did not explain well what I wanted to do.
I need to capture real traffic of the OpenFlow protocol (actually only the 
specific msg-type “of-flow-add”) and to filter in e.g. the fields surrounded 
in the picture below.
It can be tshark or Wireshark.
Then, in the 2nd stage, I want to generate a file whose rows are flows and 
whose columns are these filtered fields.

Best Regards
Avi

[Attached image: image001.png]


From: Wireshark-dev [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Graham Bloice
Sent: Wednesday, 15 August, 2018 6:15 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Parsing openflow


On Wed, 15 Aug 2018 at 16:04, Dario Lombardo <lom...@gmail.com> wrote:
Try to right-click on the field you want to extract and choose "prepare a 
filter -> selected". In the upper part of Wireshark a filter with the field you 
want will appear. That's the name of the field. However, if you used an invalid 
name before, tshark would tell you (tshark: Some fields aren't valid:). 
Remember that if a packet doesn't have that field, nothing will be printed. 
Get some practice with easier fields (I suggest ip.src) if you're not used to 
those tshark options.


No need to create a filter, select the field in the packet tree and look for 
the field name in the status bar in parentheses.

On Wed, Aug 15, 2018 at 4:08 PM Avi Cohen (A) <avi.co...@huawei.com> wrote:
Hi Dario

I can easily create a file with the packet headers as columns (the original 
headers of a pkt, e.g. eth, ip, tcp, etc.) – but I need the TCP payload fields 
(which are the flow headers).
For example, I need the surrounded fields in the picture below (or in the 
attached png), something like  tshark -T fields -e OpenFlow.of_match.eth_src
This is probably incorrect syntax because it does not generate the required 
field columns.
Best Regards
Avi






From: Wireshark-dev [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Dario Lombardo
Sent: Tuesday, 14 August, 2018 2:50 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Parsing openflow

Hi Avi
Have a look at tshark and its -E and -e options. That could do the job.

On Tue, Aug 14, 2018 at 1:19 PM Avi Cohen (A) <avi.co...@huawei.com> wrote:
Hi
I need to capture OpenFlow msgs (e.g. FLOW_MOD to add new flows) from the 
controller to the vSwitch,
and to generate e.g. a *file* whose rows are the captured flows and whose 
columns are the flow header fields, e.g. column 1 source-mac, column 2 
dest-mac, column 3 source-IP, etc. - whenever a field is not relevant I can 
set the field as FFFF (don't care).
Also the action (actions) should be put in a column.
I need this file as an input to an algorithm that should manipulate these 
flows.

My question: can I use the Wireshark pkg for this purpose? If yes, what is the 
recommended way?

Best Regards
Avi
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe


--

Naima is online.
--
Graham Bloice
Software Developer
Trihedral UK Limited
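
The two stages discussed in this thread (tshark's -T fields / -e / -E options, then a file with rows of flows and columns of fields), as an added example that is not part of the original messages. Field names, the display filter and the column labels are supplied by the caller and are not taken from the thread; empty cells are filled with FFFF as the original question asks.

```shell
#!/bin/sh
# Added example, not from the thread. No OpenFlow field names are hard-coded:
# pass the names shown in Wireshark's status bar for the fields you select.

# Stage 1: one tab-separated line per packet, one column per requested field.
# usage: extract_fields capture.pcap 'display filter' field1 [field2 ...]
extract_fields() {
    pcap=$1; filter=$2; shift 2
    # Rewrite the argument list from "f1 f2 ..." to "-e f1 -e f2 ...".
    for f do
        set -- "$@" -e "$f"
        shift
    done
    # A field that occurs several times in a packet is joined with commas in
    # its cell (tshark's default); a missing field leaves the cell empty.
    tshark -r "$pcap" -Y "$filter" -T fields -E separator=/t "$@"
}

# Stage 2: add a header row and write FFFF ("don't care") into empty cells.
# usage: extract_fields ... | fields_to_table label1 [label2 ...]
fields_to_table() {
    n=$#; sep=''
    for label do
        printf "${sep}%s" "$label"
        sep='\t'
    done
    printf '\n'
    awk -F'\t' -v OFS='\t' -v n="$n" '{
        # Assigning every column also pads rows that tshark printed empty.
        for (i = 1; i <= n; i++) $i = ($i == "" ? "FFFF" : $i)
        print
    }'
}

# Constructed sample of stage-1 output (not a real capture): three columns,
# the second row has no value for the last two fields.
demo() {
    printf '00:00:00:00:00:01\t00:00:00:00:00:02\t10.0.0.1\n00:00:00:00:00:03\t\t\n' |
        fields_to_table src_mac dst_mac src_ip
}
demo
```

tshark prints one line per packet, so a TCP segment that carries several OpenFlow messages produces a single row with their values aggregated in each cell.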