Wireshark mailing list archives
Re: Parsing openflow
From: Dario Lombardo <lomato () gmail com>
Date: Wed, 15 Aug 2018 17:02:00 +0200
Try to right-click on the field you want to extract and choose "prepare a filter -> selected". In the upper part of wireshark a filter with the field you want will appear. That's the name of the field. However, if you used an invalid name before, tshark would tell you (tshark: Some fields aren't valid:). Remember that if a packet doesn't have that field, nothing will be printed. Make some practice with easier fields (I suggest ip.src) if you're not used to those tshark options. On Wed, Aug 15, 2018 at 4:08 PM Avi Cohen (A) <avi.cohen () huawei com> wrote:
Hi Dario I can easily create a file with the packets headers as a columns (the original headers of a pkt e.g eth ip tcp etc..) – but I need the TCP payload fields (which are the flow headers) For example I need to the surrounded fields in the picture below (or in the attached png), something like tshark –T fileds –e OpenFlow.of_match.eth_src This is probably incorrect syntax because it is not generate the required filed columns Best Regards Avi [image: cid:image002.png@01D434B8.690F8A80] *From:* Wireshark-dev [mailto:wireshark-dev-bounces () wireshark org] *On Behalf Of *Dario Lombardo *Sent:* Tuesday, 14 August, 2018 2:50 PM *To:* Developer support list for Wireshark *Subject:* Re: [Wireshark-dev] Parsing openflow Hi Avi Have a look at tshark and its -E and -e options. That could do the job. On Tue, Aug 14, 2018 at 1:19 PM Avi Cohen (A) <avi.cohen () huawei com> wrote: Hi I need to capture open-flow msgs (e.g FLOW_MOD to add new flows) from controller to vSwitch , And to generate e.g. a *file* which its rows are the captured flows and its columns are the flow header fields e.g. column 1 source-mac , column 2 dest-mac , column 3 source-IP etc.. - whenever a field is not relevant I can set the fields as FFFF (don't care) Also the action (actions) should be put in a column I need this file as an input to an algorithm that should manipulate these flows ? My question can I use the wireshark pkg for this purpose ? if yes what is the recommended way ? Best Regards Avi ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org ?subject=unsubscribe -- Naima is online. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org ?subject=unsubscribe
-- Naima is online.
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Parsing openflow Avi Cohen (A) (Aug 14)
- Re: Parsing openflow Dario Lombardo (Aug 14)
- Re: Parsing openflow Avi Cohen (A) (Aug 14)
- Re: Parsing openflow Avi Cohen (A) (Aug 15)
- Re: Parsing openflow Dario Lombardo (Aug 15)
- Re: Parsing openflow Graham Bloice (Aug 15)
- Re: Parsing openflow Avi Cohen (A) (Aug 15)
- Re: Parsing openflow Shai Shapira (Aug 15)
- Re: Parsing openflow Avi Cohen (A) (Aug 15)
- Re: Parsing openflow Dario Lombardo (Aug 14)