Compiling Wireshark to Install the OpenFlow Dissector on a MAC

Compiling Wireshark to Install the OpenFlow Dissector on a MAC


Compiling Wireshark to Install the OpenFlow Dissector on a MAC
OpenFlow from Package PPA
  • Update: the OpenFlow dissector appears natively included in the nightly Ubuntu dev builds and even better, native in Fedora 19:
  • ### Fedora 19 Wireshark Installation ###
    1) sudo yum install wireshark
    2) Nothing! Its that easy w/ native OpenFlow support +1
    For an X session on Fedora over SSH perform the following.
    1) Install the following:
    sudo yum install xorg-x11-xauth
    sudo yum install xorg-x11-fonts-*
    sudo yum install xorg-x11-utils
    2) Enable the following in the sshd_config file:
    Change X11Forwarding to yes and uncomment:
    X11Forwarding yes
    ====== sshd_config ==========
    #AllowAgentForwarding yes
    #AllowTcpForwarding yes
    #GatewayPorts no
    #X11Forwarding no
    X11Forwarding yes <=== change this #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes =============== $ export (should contain) declare -x DISPLAY="localhost:10.0" ========================= Now you can "ssh -X" to your host and run an X Wireshark session using "sudo wireshark".

### Mac Installation ###
Wireshark 1.11.0-SVN-52202

  • For a Mac just install quartz and this build and run as su.
  • sudo /Applications/

### Installing on Ubuntu using the PPA repo try the following ###

  • sudo apt-get install python-software-properties
  • sudo add-apt-repository ppa:mighost/ppa
  • sudo apt-get update
  • ### The following was pulled from 1.12.0~201309171613-1ppa1~precise in a dpkg –list. You likely don’t need to mess with repo preferences.###
  • sudo apt-get install wireshark-common libwireshark3 libwireshark-data libwireshark3 libwiretap3
  • sudo wireshark
  • ### To run remotely you can connect using X over ssh with ‘ssh -XY

Link to the PPA Repo

For those looking to learn or begin some development work with OpenFlow your trusty friend is the OpenFlow Wireshark dissector. Unfortunately it is still not available as a built in plugin packaged with the Wireshark binary yet. So in the meantime it requires compiling wireshark to get the C header files to generate the shared object file to drop into the Wireshark plugin directory. First install MacPorts, then compile Wireshark with MacPorts and lastly compiling the OpenFlow Dissector.

For the impatient, quick install: Wireshark OpenFlow on a MAC

Download and Install MacPorts

First download and install MacPorts. My buddy Murphy McCauley has a tutorial using HomeBrew here. I had some dependency issues particularly around GTK+ 2.12 since Wireshark needs >= GTK+ 2.40.

First download MacPorts. I am using MacPorts becuase they have Wireshark in their repository.
Download and Install MAC Ports

Compile Wireshark using MACPorts

Once ports is installed, build the following packages.

MacPorts will download and do most of the heavy lifting for you. Compiling from source is fairly painful to get the right combination of deps.

Download and Install the Wireshark Dissector

Next pull down the of-dissector that Nick Bastin forked from the original Stanford one. CPqD also has some from v1.0-v1.3. Keep in mind that to capture OpenFlow v1.0 you need an OpenFlow v1.0 dissector and so on. The specs are pretty different with regard to error codes, messages and data structures so one size fits all is not a small task.

Using mercurial (hg) pull the dissector. Next you need to export the wireshark directory that contains the C header files that MacPorts installs to /opt/local/include/wireshark/. If the scons build complains, try searching for packet.h in a Wireshark directory.

If you have never installed Wireshark the libwireshark1 above will just be libwireshark. Scons will drop a file named into your home directory. You just need to move to your Wireshark plugin directory.

I had to hack around for a while to get this working so I cant guarantee these are all of the exact steps and there isn’t another dependency needed but Im pretty sure it pretty close.

Running Wireshark With The OpenFlow Dissector

Next run the application w/sudo.

Then in the filter box type “of” and hit enter or apply. Fire up your controller and point a network element at it and off you go.

OpenFlow Packet Capture Wireshark

You can then drill down into the OF encapsulated packet, to view the OpenFlow messages.

OpenFlow Wireshark Dissector Mac

Thanks for stopping by. I can try and assist anyone having issues but keep in mind don’t have another Mac that I could replicate any issues on so its may be tricky. Thanks to Murphy and Nick for putting up docs and code for this. Cheers.

About the Author

Brent SalisburyI have over 15 years of experience wearing various hats from, network engineer, architect, devops and software engineer. I currently have the pleasure of working at the company that develops my favorite software I have ever used, Docker. My comments here are my personal thoughts and opinions. More at Brent's BioView all posts by Brent Salisbury →

  1. Rob SherwoodRob Sherwood05-22-2013

    Thanks for posting this — fwiw, I’ve gotten the original Stanford wireshark dissector to compile on MAC, but it was a PITA and I’m not sure I could do it again with current wireshark versions. I’d be interested in knowing if you see any functionality difference between the stanford and Nick Bastin’s version (IIRC, Nick’s was a complete rewrite).

    Getting functional wireshark dissectors is unfortunately a very valuable thing right now (I say unfortunately because one would like to think you wouldn’t need to read direct from the wire that often but it really is ground truth).

    Thanks Brent!

    • Brent SalisburyBrent Salisbury05-22-2013

      Hi Rob, Thanks a bunch for the insight. Quite the treat having an OF mogul stopping by. Its funny you mention upstreaming. I just started a thread earlier this morning with some folks to try and get a push to get it upstreamed, Nick being one of them.

      Would you mind me adding you to the thread?


      • Rob SherwoodRob Sherwood05-22-2013

        Mogul!? Take that back 😛

        Please do add me to the thread. Also, if you’re looking at wireshark-like stuff, you may enjoy reading up on my (verging on ancient) tool oftrace — it’s a programatic wrapper for parsing through tcpdump’s of openflow control traffic. It even has some example utilities like computing average RTT of topology discovery messages or packet_in/flow_mod out controller response times. It’s incredibly poorly documented but might be of interest to you:

  2. Ben GeelsBen Geels07-25-2013

    I’m on the second to last step, ‘sudo scons install’, and am receiving the following errors. Any idea why it can’t find the header files?

  3. Brent SalisburyBrent Salisbury08-18-2013

    Hey Ben, I am getting the same. Will try and find some time to debug. Even better will be to pester and try and get this damn thing upstreamed into Wireshark. Ask on #openflow in the meantime. Sorry for the delayed response mate.


  4. ZhizhenZhizhen05-01-2014

    Hi, I am using Mac mavericks(10.9.2) and wireshark 1.10.7. I have gone through your steps and now I am trapped in the inverted second step:(sudo scons install), and the error information is as below:
    tu065034:src zhongzhizhen$ sudo scons install
    scons: Reading SConscript files …
    Package glib-2.0 was not found in the pkg-config search path.
    Perhaps you should add the directory containing `glib-2.0.pc’
    to the PKG_CONFIG_PATH environment variable
    No package ‘glib-2.0’ found
    OSError: ‘pkg-config –cflags –libs glib-2.0’ exited 1:
    File “/Users/zhongzhizhen/ng-of-dissector/src/SConstruct”, line 46:
    env.ParseConfig(‘pkg-config –cflags –libs glib-2.0’)
    File “/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/scons-2.3.0/SCons/”, line 1554:
    return function(self, self.backtick(command))
    File “/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/scons-2.3.0/SCons/”, line 596:
    raise OSError(“‘%s’ exited %d” % (command, status))

    so what can I do? I am very anxious about this, thank you!