In this tutorial we are going to install Wireshark on Ubuntu Linux,
and once that's installed, we are going to install the Wireshark OpenFlow plug-in. It's an open-source dissector
that we're going to use to
view captured OpenFlow packets in Wireshark. First we are going to update; I'm going to fast-forward this really quick...
O.K. We've got our dependencies installed.
Next we're going to download
the OpenFlow dissector from Bitbucket. We're going to use Mercurial, which is hg, to do that and clone that repository.
Once it's downloaded, cd into the dissector source directory, and
let's make sure scons is installed...it's installed.
So next, we need to export the WIRESHARK
environment variable, so /usr/include/wireshark
is where that lives. We need to do that for the build. Once it's set you can type export and see it.
Now, let's type scons install
and that will build the dissector.
With this build, there is a shared object file...
there's one inside of that directory, but I don't think we want to use the one that's put into the home directory of whoever you are logged in as. So here it's root's Wireshark plugins directory, openflow.so.
We next need to copy that into Wireshark's library plugins directory.
Once it's there, Wireshark will load that plugin on start-up,
and once it's copied there, you can take a look and see that it's there.
Next, we just need to start Wireshark.
So just run Wireshark from the command line...it's going to tell me that it's dangerous to do this.
I get this error every time and you can ignore that.
Actually, let's first make sure the plugin shows up. So, go to Help, ahh...there it is...
Help, About Wireshark, and then the Plugins tab...
about halfway down you should see openflow.so, version 1.0,
and then "dissector" in the Type column.
So, let's pick an interface to do a packet capture on.
Since we are on a virtual machine it will show up as eth0.
Click start.
So, we're going to put in a filter. What we are filtering on here is all OF traffic...
and then traffic starts to roll in.
So here we have OpenFlow messages that are coming in,
actually being sent from the controller down to the switch.
So, if you are seeing that, that's good. Let's go ahead and go into one of these
packets.
Let me resize this...let's take a look at it. Notice here that you have your traditional L2 framing and L3 packet headers.
Then we have this OpenFlow encapsulation messaging.
So keep drilling down into it,
and you'll see messages.
So here is an OpenFlow flow modification message, so it's a flow mod saying
delete all matching flows. What's actually happening here is a switch is just connecting to
a controller that was just started, and typically what most controllers will do is flush all OpenFlow entries at start.
So let's drill down into the actual OpenFlow messaging.
You see output actions. You see flags.
You see what is matching.
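To see what the dissector is decoding when it labels a packet "flow mod, delete all matching flows", here is an added example (not code from the tutorial or from the dissector project): a small Python decoder for the OpenFlow 1.0 header and FLOW_MOD body, with the field layout and constants taken from the OpenFlow 1.0 specification, run over a message constructed here to look like the startup flush a controller sends to a switch.

```python
import struct

# OpenFlow 1.0 wire constants (values as defined in the OpenFlow 1.0 specification)
OFP_VERSION_1_0 = 0x01
OFPT_FLOW_MOD = 14
OFPFC = {0: "ADD", 1: "MODIFY", 2: "MODIFY_STRICT", 3: "DELETE", 4: "DELETE_STRICT"}
OFPFW_ALL = (1 << 22) - 1   # every ofp_match field wildcarded
OFPP_NONE = 0xFFFF          # out_port: do not restrict a delete by output port
OFPAT_OUTPUT = 0
HEADER = struct.Struct("!BBHI")               # ofp_header: version, type, length, xid
MATCH = struct.Struct("!IH6s6sHBxHBBxxIIHH")   # ofp_match, 40 bytes including padding
FM_TAIL = struct.Struct("!QHHHHIHH")           # cookie, command, idle/hard timeout, priority, buffer_id, out_port, flags

def parse_header(buf):
    """Decode the 8-byte ofp_header and check it against the bytes we actually have."""
    version, msg_type, length, xid = HEADER.unpack_from(buf, 0)
    if version != OFP_VERSION_1_0 or length < HEADER.size or length > len(buf):
        raise ValueError("not a well-formed OpenFlow 1.0 message")
    return {"version": version, "type": msg_type, "length": length, "xid": xid}

def parse_flow_mod(buf):
    """Decode a FLOW_MOD: wildcards, command, out_port, flags and the action list."""
    hdr = parse_header(buf)
    if hdr["type"] != OFPT_FLOW_MOD or hdr["length"] < HEADER.size + MATCH.size + FM_TAIL.size:
        raise ValueError("not a complete FLOW_MOD")
    match = MATCH.unpack_from(buf, HEADER.size)
    _cookie, cmd, _idle, _hard, prio, _buf_id, out_port, flags = FM_TAIL.unpack_from(buf, HEADER.size + MATCH.size)
    actions, off = [], HEADER.size + MATCH.size + FM_TAIL.size
    while off < hdr["length"]:                 # actions are type/len/body TLVs up to the header length
        if hdr["length"] - off < 8:            # smallest legal action is 8 bytes
            raise ValueError("truncated action")
        a_type, a_len = struct.unpack_from("!HH", buf, off)
        if a_len < 8 or off + a_len > hdr["length"]:
            raise ValueError("bad action length")  # never read past the message on malformed input
        if a_type == OFPAT_OUTPUT:
            port, max_len = struct.unpack_from("!HH", buf, off + 4)
            actions.append({"type": "OUTPUT", "port": port, "max_len": max_len})
        else:
            actions.append({"type": a_type})
        off += a_len
    return {**hdr, "wildcards": match[0], "in_port": match[1], "command": OFPFC.get(cmd, cmd),
            "priority": prio, "out_port": out_port, "flags": flags, "actions": actions}

def build_flow_mod(xid, command, actions=b""):
    """Construct a FLOW_MOD with an all-wildcard match (sample bytes built here, not captured traffic)."""
    match = MATCH.pack(OFPFW_ALL, 0, b"\0" * 6, b"\0" * 6, 0, 0, 0, 0, 0, 0, 0, 0, 0)
    tail = FM_TAIL.pack(0, command, 0, 0, 0x8000, 0xFFFFFFFF, OFPP_NONE, 0)
    body = match + tail + actions
    return HEADER.pack(OFP_VERSION_1_0, OFPT_FLOW_MOD, HEADER.size + len(body), xid) + body

def delete_all_flows(xid=1):
    """What a controller typically sends at startup: delete every flow matching the all-wildcard match."""
    return build_flow_mod(xid, 3)
```

Running parse_flow_mod(delete_all_flows()) gives the same fields the dissector shows in the packet detail pane: command DELETE, all wildcards set, out_port OFPP_NONE and an empty action list.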
So, this is the basis for the tutorials and labs:
you'll use Wireshark to see what's going on under the hood and look at the OpenFlow encapsulation between controller and switch.
So again, just put "of" here as the filter, and
you can always do tcp.port == 6633 instead and
apply that.
You'll get a little extra garbage traffic.
The dissector every now and then has bugs on particular things it can and can't dissect,
but for the most part, it's very good. So, again, just type "of" in that filter window, hit Apply,
and now you are filtering out everything except OpenFlow messaging.
So thanks, and we'll see you in the next tutorial.