Compiling Wireshark to Install the OpenFlow Dissector on a MAC
- Update: the OpenFlow dissector appears natively included in the nightly Ubuntu dev builds and even better, native in Fedora 19:
- ### Fedora 19 Wireshark Installation ###
1) sudo yum install wireshark
2) Nothing! It's that easy w/ native OpenFlow support +1
For an X session on Fedora over SSH perform the following.
1) Install the following:
sudo yum install xorg-x11-xauth
sudo yum install xorg-x11-fonts-*
sudo yum install xorg-x11-utils
======================
2) Enable the following in the sshd_config file:
=============================
Change X11Forwarding to yes and uncomment:
X11Forwarding yes
====== sshd_config ==========
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes <=== change this
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
===============
$ export
(should contain)
declare -x DISPLAY="localhost:10.0"
=========================
Now you can "ssh -X 192.168.1.100" to your host and run an X Wireshark session using "sudo wireshark".
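To confirm the sshd_config edit above is the value sshd will actually use, and that the session's DISPLAY is a forwarded one, here is an added example that is not part of the original post. The function names and the sample config are constructed for illustration, and only the global section (before any Match block) is read; on a live host `sshd -T` prints the authoritative effective configuration.

```shell
#!/bin/sh
# Added example: check the effective X11Forwarding value and the DISPLAY variable.

# Constructed sample config mirroring the edit described on this page.
sample_sshd_config() {
cat <<'EOF'
#AllowTcpForwarding yes
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
X11Forwarding no
EOF
}

# sshd_effective KEYWORD [FILE]: print the value sshd would use.
# sshd takes the FIRST value it reads for a keyword; commented lines are ignored.
# Exit status 1 means the keyword is unset and the sshd default applies.
sshd_effective() {
    awk -v key="$1" '
        { sub(/#.*/, ""); gsub(/=/, " ") }   # drop comments, allow key=value
        NF < 2 { next }
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { exit !found }
    ' "${2:--}"
}

# display_is_forwarded DISPLAY [OFFSET]: true for localhost:N.S with N >= OFFSET
# (10 is the X11DisplayOffset shown in the config above).
display_is_forwarded() {
    offset=${2:-10}
    case "$1" in
        localhost:*) num=${1#localhost:}; num=${num%%.*} ;;
        *) return 1 ;;
    esac
    case "$num" in ''|*[!0-9]*) return 1 ;; esac
    [ "$num" -ge "$offset" ]
}

echo "X11Forwarding: $(sample_sshd_config | sshd_effective X11Forwarding || echo unset)"
display_is_forwarded "${DISPLAY:-}" && echo "DISPLAY is forwarded" || echo "DISPLAY is not a forwarded display"
```

On a real host, pass the config path as the second argument, for example `sshd_effective X11Forwarding /etc/ssh/sshd_config`.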
### Mac Installation ###
Wireshark 1.11.0-SVN-52202
http://www.wireshark.org/download/automated/
- For a Mac just install quartz and this build and run as su.
- sudo /Applications/Wireshark.app/Contents/MacOS/Wireshark
### Installing on Ubuntu using the PPA repo try the following ###
- sudo apt-get install python-software-properties
- sudo add-apt-repository ppa:mighost/ppa
- sudo apt-get update
- ### The following was pulled from 1.12.0~201309171613-1ppa1~precise in a dpkg --list. You likely don’t need to mess with repo preferences. ###
- sudo apt-get install wireshark-common libwireshark3 libwireshark-data libwireshark3 libwiretap3
- sudo wireshark
- ### To run remotely you can connect using X over ssh with ‘ssh -XY
For those looking to learn or begin some development work with OpenFlow, your trusty friend is the OpenFlow Wireshark dissector. Unfortunately it is not yet available as a built-in plugin packaged with the Wireshark binary. In the meantime, you have to compile Wireshark to get the C header files needed to build the shared object file that goes into the Wireshark plugin directory. First install MacPorts, then compile Wireshark with MacPorts, and lastly compile the OpenFlow dissector.
For the impatient, quick install: Wireshark OpenFlow on a MAC
#Install MacPorts
sudo port install wireshark-devel
sudo port install scons
sudo port install mercurial
hg clone https://bitbucket.org/barnstorm/ng-of-dissector
export WIRESHARK=/opt/local/include/wireshark/
cd ng-of-dissector/src
#sudo does not pass WIRESHARK through by default, so set it explicitly.
alias sudo='sudo env WIRESHARK=/opt/local/include/wireshark/'
sudo scons install
#This creates a shared object (so) named openflow.so.
#Move openflow.so to the Wireshark plugin directory.
sudo mv ~/.wireshark/plugins/openflow.so /usr/lib/wireshark/libwireshark1/plugins/
Download and Install MacPorts
First download and install MacPorts. My buddy Murphy McCauley has a tutorial using HomeBrew here. I had some dependency issues particularly around GTK+ 2.12 since Wireshark needs >= GTK+ 2.40.
First download MacPorts. I am using MacPorts because they have Wireshark in their repository.
Download and Install MAC Ports
Compile Wireshark using MACPorts
Once ports is installed, build the following packages.
MacPorts will download and do most of the heavy lifting for you. Compiling from source is fairly painful to get the right combination of deps.
sudo port install wireshark
sudo port install scons
sudo port install mercurial
Download and Install the Wireshark Dissector
Next pull down the of-dissector that Nick Bastin forked from the original Stanford one. CPqD also has some from v1.0-v1.3. Keep in mind that to capture OpenFlow v1.0 you need an OpenFlow v1.0 dissector and so on. The specs are pretty different with regard to error codes, messages and data structures so one size fits all is not a small task.
Using mercurial (hg) pull the dissector. Next you need to export the wireshark directory that contains the C header files that MacPorts installs to /opt/local/include/wireshark/. If the scons build complains, try searching for packet.h in a Wireshark directory.
hg clone https://bitbucket.org/barnstorm/ng-of-dissector
export WIRESHARK=/opt/local/include/wireshark/
alias sudo='sudo env WIRESHARK=/opt/local/include/wireshark/'
cd ng-of-dissector/src/
sudo scons install
#This creates a shared object (so) named openflow.so.
#Move openflow.so to the Wireshark plugin directory.
sudo mv ~/.wireshark/plugins/openflow.so /usr/lib/wireshark/libwireshark1/plugins/
If you have never installed Wireshark the libwireshark1 above will just be libwireshark. Scons will drop a file named openflow.so into your home directory. You just need to move openflow.so to your Wireshark plugin directory.
I had to hack around for a while to get this working, so I can’t guarantee these are all of the exact steps and that there isn’t another dependency needed, but I’m pretty sure it’s pretty close.
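The packet.h search suggested above, together with the glib-2.0 lookup that the dissector's SConstruct runs through pkg-config (it shows up in the traceback in the comments below), can be checked before starting the build. This is an added example, not part of the original post or the dissector project; the function names are hypothetical and the candidate directories are the two include paths used on this page.

```shell
#!/bin/sh
# Added example: pre-flight checks before "sudo scons install".

# Print the first candidate directory that has packet.h somewhere below it.
find_wireshark_headers() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        if [ -n "$(find "$root" -type f -name packet.h 2>/dev/null | head -n 1)" ]; then
            printf '%s\n' "${root%/}/"
            return 0
        fi
    done
    return 1
}

# SConstruct runs "pkg-config --cflags --libs glib-2.0"; test that up front.
have_glib() {
    command -v pkg-config >/dev/null 2>&1 && pkg-config --exists glib-2.0
}

preflight() {
    status=0
    if dir=$(find_wireshark_headers "$@"); then
        echo "headers : $dir"
        # sudo resets the environment by default, so pass the variable explicitly
        echo "build   : sudo env WIRESHARK=$dir scons install"
    else
        echo "headers : packet.h not found under: $*"
        status=1
    fi
    if have_glib; then
        echo "glib-2.0: found by pkg-config"
    else
        echo "glib-2.0: not found by pkg-config; check PKG_CONFIG_PATH"
        status=1
    fi
    return $status
}

# Candidate include directories taken from the commands on this page.
preflight /opt/local/include/wireshark/ /usr/include/wireshark/ || true
```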
Running Wireshark With The OpenFlow Dissector
Next run the application w/sudo.
sudo /opt/local/bin/wireshark
Then in the filter box type “of” and hit enter or apply. Fire up your controller and point a network element at it and off you go.
You can then drill down into the OF encapsulated packet, to view the OpenFlow messages.
Thanks for stopping by. I can try and assist anyone having issues, but keep in mind I don’t have another Mac that I could replicate any issues on, so it may be tricky. Thanks to Murphy and Nick for putting up docs and code for this. Cheers.
Thanks for posting this — fwiw, I’ve gotten the original Stanford wireshark dissector to compile on MAC, but it was a PITA and I’m not sure I could do it again with current wireshark versions. I’d be interested in knowing if you see any functionality difference between the stanford and Nick Bastin’s version (IIRC, Nick’s was a complete rewrite).
Getting functional wireshark dissectors is unfortunately a very valuable thing right now (I say unfortunately because one would like to think you wouldn’t need to read direct from the wire that often but it really is ground truth).
Thanks Brent!
Hi Rob, Thanks a bunch for the insight. Quite the treat having an OF mogul stopping by. It’s funny you mention upstreaming. I just started a thread earlier this morning with some folks to try and get a push to get it upstreamed, Nick being one of them.
Would you mind me adding you to the thread?
Thanks!!
-Brent
Mogul!? Take that back 😛
Please do add me to the thread. Also, if you’re looking at wireshark-like stuff, you may enjoy reading up on my (verging on ancient) tool oftrace — it’s a programmatic wrapper for parsing through tcpdump’s of openflow control traffic. It even has some example utilities like computing average RTT of topology discovery messages or packet_in/flow_mod out controller response times. It’s incredibly poorly documented but might be of interest to you:
http://www.openflow.org/wk/index.php/Liboftrace
I’m on the second to last step, ‘sudo scons install’, and am receiving the following errors. http://pastebin.com/5wpeBDzG Any idea why it can’t find the header files?
Hey Ben, I am getting the same. Will try and find some time to debug. Even better will be to pester and try and get this damn thing upstreamed into Wireshark. Ask on irc.freenode.net #openflow in the meantime. Sorry for the delayed response mate.
cheers,
-Brent
Hi, I am using Mac mavericks(10.9.2) and wireshark 1.10.7. I have gone through your steps and now I am trapped in the inverted second step:(sudo scons install), and the error information is as below:
tu065034:src zhongzhizhen$ sudo scons install
scons: Reading SConscript files ...
Package glib-2.0 was not found in the pkg-config search path.
Perhaps you should add the directory containing `glib-2.0.pc'
to the PKG_CONFIG_PATH environment variable
No package 'glib-2.0' found
OSError: 'pkg-config --cflags --libs glib-2.0' exited 1:
File "/Users/zhongzhizhen/ng-of-dissector/src/SConstruct", line 46:
env.ParseConfig('pkg-config --cflags --libs glib-2.0')
File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/scons-2.3.0/SCons/Environment.py", line 1554:
return function(self, self.backtick(command))
File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/scons-2.3.0/SCons/Environment.py", line 596:
raise OSError("'%s' exited %d" % (command, status))
so what can I do? I am very anxious about this, thank you!