OpenDaylight OpenFlow Plugin:OF1.3 Enabled Wireshark

Intro

Using Wireshark to monitor traffic on the wire is fantastically useful for seeing what's really happening.

Getting Wireshark

The good news is that mainstream Wireshark now has support for OpenFlow 1.3. The bad news is that it does not appear to have made it into any of the releases yet.

But you can build it pretty easily on a Unix system. Complete documentation exists.

I have some pre-built Ubuntu debs here:

To install them on

hagbard@ubuntu:~/Downloads/eclipse$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 12.04.1 LTS
Release:	12.04
Codename:	precise

Simply type:

sudo apt-get remove libwireshark-data
sudo dpkg -i wireshark_1.11.3_i386.deb wireshark-common_1.11.3_i386.deb tshark_1.11.3_i386.deb 

The "dpkg" command will likely throw dependency errors. These can be resolved after running the "dpkg -i" command above by running the following:

sudo apt-get -f install

Hints for using Wireshark for OF 1.3 traffic

For general instructions on using Wireshark, please see their user's guide.

Enabling OpenFlow Decode

On first run, go to Edit > Preferences > Protocols > OpenFlow, select your preferred OpenFlow TCP port, and tick the reassemble flag so that the dissector can correctly display segmented OpenFlow messages.

If you want to see only the OpenFlow 1.3 messages, use the following filter expression:

openflow_v4
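
Why the reassemble flag and the openflow_v4 filter matter, shown as an added example (not part of the original page and not Wireshark's dissector code): OpenFlow messages are framed by the length field in their 8-byte header, not by TCP segment boundaries, and OpenFlow 1.3 carries wire version 0x04. The class and function names and the sample bytes are constructed for illustration.

```python
import struct

OFP_HEADER = struct.Struct("!BBHI")   # version, type, length, xid (big-endian)
OFP_VERSION_1_3 = 0x04                # wire version behind the openflow_v4 filter name
OFP_TYPES = {0: "HELLO", 2: "ECHO_REQUEST", 3: "ECHO_REPLY", 5: "FEATURES_REQUEST"}


class OpenFlowReassembler:
    """Rebuilds whole OpenFlow messages from one direction of a TCP stream."""

    def __init__(self):
        self.buf = bytearray()

    def feed(self, segment):
        """Add one TCP payload; return the messages that are now complete."""
        self.buf += segment
        messages = []
        while len(self.buf) >= OFP_HEADER.size:
            version, msg_type, length, xid = OFP_HEADER.unpack_from(self.buf)
            if length < OFP_HEADER.size:
                raise ValueError("length field %d is shorter than the header" % length)
            if len(self.buf) < length:
                break  # message continues in a later TCP segment
            body = bytes(self.buf[OFP_HEADER.size:length])
            del self.buf[:length]
            messages.append({"version": version, "xid": xid, "body": body,
                             "type": OFP_TYPES.get(msg_type, msg_type)})
        return messages


def decode_of13(segments):
    """Reassemble a list of TCP payloads and keep only OpenFlow 1.3 messages."""
    reassembler = OpenFlowReassembler()
    out = []
    for seg in segments:
        out.extend(m for m in reassembler.feed(seg) if m["version"] == OFP_VERSION_1_3)
    return out


# Constructed sample: HELLO (v1.3), ECHO_REQUEST with a 4-byte body (v1.3), HELLO (v1.0),
# cut so that segment boundaries do not line up with message boundaries.
_stream = (OFP_HEADER.pack(0x04, 0, 8, 1)
           + OFP_HEADER.pack(0x04, 2, 12, 2) + b"ping"
           + OFP_HEADER.pack(0x01, 0, 8, 3))
SAMPLE_SEGMENTS = [_stream[:5], _stream[5:14], _stream[14:]]

if __name__ == "__main__":
    for message in decode_of13(SAMPLE_SEGMENTS):
        print(message)
```

Without the buffering step, the first 5-byte segment could not be decoded at all and the ECHO_REQUEST would be split across two segments, which is the situation the reassemble preference handles.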

Following a particular stream

If you have a lot of switches going, the original filter by port is going to be insufficient to make sense of it all. So I would suggest picking a packet from a connection that interests you, right-clicking on it, and selecting 'Follow TCP Stream'. This will set a display filter to show just that TCP stream.

Feedback

If you have bug reports or improvement ideas regarding the OpenFlow dissector, feel free to open a ticket at Wireshark Bugzilla, or send them directly to zoltan.lajos.kis@ericsson.com. Don't forget to include a pcap trace, if possible.