Try to right-click on the field you want to extract and choose "prepare a filter -> selected". In the upper part of Wireshark a filter with the field you want will appear. That's the name of the field. However, if you used an invalid name before, tshark would tell you (tshark: Some fields aren't valid:). Remember that if a packet doesn't have that field, nothing will be printed. Get some practice with easier fields (I suggest ip.src) if you're not used to those tshark options.
Hi Dario
I can easily create a file with the packet headers as columns (the original headers of a pkt, e.g. eth, ip, tcp etc.) – but I need the TCP payload fields (which are the flow headers).
For example, I need the surrounded fields in the picture below (or in the attached png), something like tshark –T fileds –e OpenFlow.of_match.eth_src
This is probably incorrect syntax because it does not generate the required field columns.
Best Regards
Avi
From: Wireshark-dev [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Dario Lombardo
Sent: Tuesday, 14 August, 2018 2:50 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Parsing openflow
Hi Avi
Have a look at tshark and its -E and -e options. That could do the job.
Hi
I need to capture open-flow msgs (e.g. FLOW_MOD to add new flows) from the controller to the vSwitch,
and to generate e.g. a *file* whose rows are the captured flows and whose columns are the flow header fields, e.g. column 1 source-mac, column 2 dest-mac, column 3 source-IP etc. - whenever a field is not relevant I can set the field as FFFF (don't care).
Also the action (actions) should be put in a column.
I need this file as an input to an algorithm that should manipulate these flows.
My question: can I use the Wireshark pkg for this purpose? If yes, what is the recommended way?
Best Regards
Avi
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:
https://www.wireshark.org/lists/wireshark-dev
Unsubscribe:
https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
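The approach discussed in this thread, as an added example that is not part of the original messages or of Wireshark: build a `tshark -T fields` command line with `-e`/`-E` options and turn its output into rows, filling fields a packet does not carry with FFFF. The capture name `flows.pcap`, the helper names and the sample output are assumptions constructed for illustration; the OpenFlow match field names have to be looked up in Wireshark as described above, so the generic fields eth.src, eth.dst and ip.src stand in for them.

```python
import csv
import io

DONT_CARE = "FFFF"  # placeholder for "field not present", as asked for in the thread

def tshark_argv(capture, fields, display_filter=None):
    """Build a tshark command line that prints one row per packet."""
    argv = ["tshark", "-r", capture]
    if display_filter:
        argv += ["-Y", display_filter]       # keep only matching packets
    argv += ["-T", "fields",
             "-E", "header=y",               # first line = field names
             "-E", "separator=,",            # comma separated columns
             "-E", "quote=d",                # double-quote present values
             "-E", "occurrence=a",           # keep every occurrence of a field
             "-E", "aggregator=;"]           # join multiple occurrences with ';'
    for name in fields:
        argv += ["-e", name]
    return argv

def to_rows(tshark_output, fill=DONT_CARE):
    """Parse tshark field output; empty (missing) fields become `fill`."""
    reader = csv.reader(io.StringIO(tshark_output))
    header = next(reader)
    rows = []
    for record in reader:
        record += [""] * (len(header) - len(record))   # pad short lines
        rows.append({n: (v if v else fill) for n, v in zip(header, record)})
    return rows

# Constructed sample resembling the output of the command above: the second
# frame has no IP layer, so tshark prints nothing for ip.src.
SAMPLE_OUTPUT = (
    'eth.src,eth.dst,ip.src\n'
    '"00:00:00:00:00:01","00:00:00:00:00:02","10.0.0.1"\n'
    '"00:00:00:00:00:03","ff:ff:ff:ff:ff:ff",\n'
)

if __name__ == "__main__":
    print(" ".join(tshark_argv("flows.pcap", ["eth.src", "eth.dst", "ip.src"])))
    for row in to_rows(SAMPLE_OUTPUT):
        print(row)
```

To run it against a real capture, pass the list from `tshark_argv` to `subprocess.run(..., capture_output=True, text=True)` and feed its `stdout` to `to_rows`.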