Hey Avi
The syntax you need to use in TShark’s -e option is the same one you’d use in the filter in Wireshark.
An easy way to find what that would be is by clicking the field you want to export and looking in the status bar in Wireshark; the value in the brackets will be the filter.
Example for a field in SSL:
Good luck
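The export described in this reply, as an added example that is not part of the original message: tshark is run with -T fields and one -e per field, and empty columns are then filled with FFFF as the original question asks. The function names, the capture file name and the sample rows are constructed for illustration; eth.src, ip.src and tcp.dstport stand in for whatever field names Wireshark's status bar shows for the fields you need.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and sample rows are
# constructed; pass the field names Wireshark's status bar shows for your trace.

# Run tshark so each packet becomes one tab-separated row with one column per
# requested field. usage: export_fields CAPTURE DISPLAY_FILTER FIELD...
export_fields() {
    capture=$1; filter=$2; shift 2
    n=$#
    while [ "$n" -gt 0 ]; do          # turn "f1 f2" into "-e f1 -e f2"
        set -- "$@" -e "$1"; shift; n=$((n - 1))
    done
    tshark -r "$capture" -Y "$filter" -T fields \
        -E header=y -E separator=/t -E occurrence=f "$@"
}

# Fill every empty column with FFFF ("don't care"). usage: fill_dont_care NCOLS
fill_dont_care() {
    awk -F '\t' -v OFS='\t' -v n="$1" '
        { for (i = 1; i <= n; i++) if ($i == "") $i = "FFFF"; print }'
}

# Constructed sample of the export's output: header row, then two packets
# that each lack some of the requested fields.
sample_export() {
    printf 'eth.src\tip.src\ttcp.dstport\n'
    printf '00:11:22:33:44:55\t\t6653\n'
    printf '\t10.0.0.1\t\n'
}

sample_export | fill_dont_care 3
# On a real capture (file name is a placeholder):
#   export_fields flows.pcapng openflow eth.src ip.src tcp.dstport | fill_dont_care 3
```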
Hi Dario
I can easily create a file with the packet headers as columns (the original headers of a pkt, e.g. eth, ip, tcp, etc.), but I need the TCP payload fields (which are the flow headers).
For example, I need the surrounded fields in the picture below (or in the attached png), something like tshark -T fields -e OpenFlow.of_match.eth_src
This is probably incorrect syntax because it does not generate the required field columns.
Best Regards
Avi
From: Wireshark-dev [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Dario Lombardo
Sent: Tuesday, 14 August, 2018 2:50 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Parsing openflow
Hi Avi
Have a look at tshark and its -E and -e options. That could do the job.
Hi
I need to capture open-flow msgs (e.g. FLOW_MOD to add new flows) from controller to vSwitch,
and to generate e.g. a *file* whose rows are the captured flows and whose columns are the flow header fields, e.g. column 1 source-mac, column 2 dest-mac, column 3 source-IP, etc. Whenever a field is not relevant I can set the field as FFFF (don't care).
Also the action (actions) should be put in a column.
I need this file as an input to an algorithm that should manipulate these flows.
My question: can I use the Wireshark pkg for this purpose? If yes, what is the recommended way?
Best Regards
Avi
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-dev