Re: Parsing openflow

[Dario Lombardo <lomato () gmail com>]

Try to right-click on the field you want to extract and choose "prepare a
filter -> selected". In the upper part of wireshark a filter with the field
you want will appear. That's the name of the field. However, if you used an
invalid name before, tshark would tell you (tshark: Some fields aren't
valid:). Remember that if a packet doesn't have that field, nothing will be
printed. Make some practice with easier fields (I suggest ip.src) if you're
not used to those tshark options.

On Wed, Aug 15, 2018 at 4:08 PM Avi Cohen (A) <avi.cohen () huawei com> wrote:

> Hi Dario
>
>
>
> I can easily create a file with the  packets headers as a columns (the
> original headers of a pkt e.g eth ip tcp etc..)  – but I need the TCP
> payload fields (which are the flow headers)
>
> For example I need to the surrounded fields in the picture below (or in
> the attached png), something like  tshark –T fileds –e
> OpenFlow.of_match.eth_src
>
> This is probably incorrect  syntax because it is not generate the required
> filed columns
>
> Best Regards
>
> Avi
>
>
>
>
>
> [image: cid:image002.png@01D434B8.690F8A80]
>
>
>
>
>
>
>
>
>
> *From:* Wireshark-dev [mailto:wireshark-dev-bounces () wireshark org] *On
> Behalf Of *Dario Lombardo
> *Sent:* Tuesday, 14 August, 2018 2:50 PM
> *To:* Developer support list for Wireshark
> *Subject:* Re: [Wireshark-dev] Parsing openflow
>
>
>
> Hi Avi
>
> Have a look at tshark and its -E and -e options. That could do the job.
>
>
>
> On Tue, Aug 14, 2018 at 1:19 PM Avi Cohen (A) <avi.cohen () huawei com>
> wrote:
>
> Hi
> I need to capture open-flow msgs  (e.g FLOW_MOD to add new flows) from
> controller to vSwitch ,
> And to generate e.g.  a *file* which its rows are the captured flows and
> its  columns  are the flow header fields e.g. column 1 source-mac , column
> 2 dest-mac  , column 3 source-IP etc..  - whenever a field is not relevant
> I can set the fields as FFFF (don't care)
> Also the action (actions)  should be put in a column
> I need this file as an input to an algorithm that should manipulate these
> flows ?
>
> My question can I use the wireshark  pkg for this purpose ? if yes what is
> the recommended way   ?
>
> Best Regards
> Avi
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
>
>
>
>
> --
>
> Naima is online.
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe



-- 

Naima is online.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe