Wireshark mailing list archives

Re: Parsing openflow


From: Shai Shapira <noforu () gmail com>
Date: Wed, 15 Aug 2018 17:16:44 +0300

Hey Avi
The syntax you need to use in TShark’s -e option is the same one you’d use in the filter in Wireshark.
An easy way to find what that would be is by clicking the field you want to export and 
looking in the status bar in Wireshark; the value in the brackets will be the filter.
Example for a field in SSL:


Good luck

From: Avi Cohen (A)
Sent: Wednesday, August 15, 2018 17:08
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Parsing openflow

Hi Dario

I can easily create a file with the packet headers as columns (the original headers of a pkt, e.g. eth, ip, tcp, etc.)
– but I need the TCP payload fields (which are the flow headers).
For example, I need the surrounded fields in the picture below (or in the attached png), something like tshark –T fileds –e OpenFlow.of_match.eth_src
This is probably incorrect syntax because it does not generate the required field columns.
Best Regards
Avi







From: Wireshark-dev [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Dario Lombardo
Sent: Tuesday, 14 August, 2018 2:50 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Parsing openflow

Hi Avi
Have a look at tshark and its -E and -e options. That could do the job.

On Tue, Aug 14, 2018 at 1:19 PM Avi Cohen (A) <avi.cohen () huawei com> wrote:
Hi
I need to capture open-flow msgs (e.g. FLOW_MOD to add new flows) from controller to vSwitch,
and to generate e.g. a *file* whose rows are the captured flows and whose columns are the flow header fields, e.g.
column 1 source-mac, column 2 dest-mac, column 3 source-IP, etc. - whenever a field is not relevant I can set the
fields as FFFF (don't care).
Also the action (actions) should be put in a column.
I need this file as an input to an algorithm that should manipulate these flows.

My question: can I use the wireshark pkg for this purpose? If yes, what is the recommended way?

Best Regards
Avi 
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe



-- 
Naima is online.


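An added example, not part of the thread: the export the replies describe (TShark's -e and -E options) followed by the FFFF "don't care" fill from the original question. The function names are hypothetical, and the sample uses eth.src, eth.dst and ip.src as stand-ins for the OpenFlow field names, which have to be read from Wireshark's status bar as described above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# export_fields CAPTURE DISPLAY_FILTER FIELD...
# Runs tshark with one -e per field name (the names shown in Wireshark's
# status bar) and prints tab-separated rows with a header line.
export_fields() {
    capture=$1 filter=$2
    shift 2
    n=$#
    while [ "$n" -gt 0 ]; do          # rewrite "f1 f2" as "-e f1 -e f2"
        set -- "$@" -e "$1"
        shift
        n=$((n - 1))
    done
    # occurrence=a keeps every occurrence of a repeated field, joined by ';'
    tshark -r "$capture" -Y "$filter" -T fields "$@" \
        -E header=y -E separator=/t -E occurrence=a -E aggregator=';'
}

# fill_dont_care [FILL]
# tshark leaves a column empty when a packet lacks that field; replace
# every empty cell with FILL (default FFFF) so each row has all columns.
fill_dont_care() {
    awk -F '\t' -v OFS='\t' -v fill="${1:-FFFF}" '
        NR == 1 { ncol = NF; print; next }   # header row fixes the column count
        {
            for (i = 1; i <= ncol; i++) if ($i == "") $i = fill
            print
        }'
}

# Constructed sample of export_fields output (not real capture data).
sample_rows() {
    printf 'eth.src\teth.dst\tip.src\n'
    printf '00:00:00:00:00:01\t00:00:00:00:00:02\t10.0.0.1\n'
    printf '00:00:00:00:00:01\t\t\n'
    printf '\t\t10.0.0.2\n'
}

# Typical use (capture.pcap is a placeholder file name):
#   export_fields capture.pcap openflow FIELD1 FIELD2 | fill_dont_care > flows.tsv
```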