Installing Wireshark On Linux for OpenFlow Packet Captures

Installing Wireshark On Linux for OpenFlow Packet Captures


Installing Wireshark On Linux for OpenFlow Packet Captures
Update March 16, 2014:
Fedora 20 has native Wireshark OpenFlow support.
yum install wireshark
  • Update: the OpenFlow dissector appears natively included in the nightly Ubuntu dev builds and even better, native in Fedora 19:
  • ### Fedora 19 Wireshark Installation ###
    1) sudo yum install wireshark
    2) Nothing! Its that easy w/ native OpenFlow support +1
    For an X session on Fedora over SSH perform the following.
    1) Install the following:
    sudo yum install xorg-x11-xauth
    sudo yum install xorg-x11-fonts-*
    sudo yum install xorg-x11-utils
    2) Enable the following in the sshd_config file:
    Change X11Forwarding to yes and uncomment:
    X11Forwarding yes
    ====== sshd_config ==========
    #AllowAgentForwarding yes
    #AllowTcpForwarding yes
    #GatewayPorts no
    #X11Forwarding no
    X11Forwarding yes <=== change this #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes =============== $ export (should contain) declare -x DISPLAY="localhost:10.0" ========================= Now you can "ssh -X" to your host and run an X Wireshark session using "sudo wireshark".

### Mac Installation ###
Wireshark 1.11.0-SVN-52202

  • For a Mac just install quartz and this build and run as su.
  • sudo /Applications/

### Installing on Ubuntu using the PPA repo try the following ###

  • sudo apt-get install python-software-properties
  • sudo add-apt-repository ppa:mighost/ppa
  • sudo apt-get update
  • ### The following was pulled from 1.12.0~201309171613-1ppa1~precise in a dpkg –list. You likely don’t need to mess with repo preferences.###
  • sudo apt-get install wireshark-common libwireshark3 libwireshark-data libwireshark3 libwiretap3
  • sudo wireshark
  • ### To run remotely you can connect using X over ssh with ‘ssh -XY

Link to the PPA Repo

OpenFlow from Package PPA

This tutorial is for those who are learning, troubleshooting and developing using the OpenFlow wire protocol. Packet captures are vital to troubleshooting issues that occur between the switch and OpenFlow controller. The instructions are for installing Wireshark from package or compiling and installing from source. It also walks through installing the OpenFlow v1.0 dissector plugin for Wireshark. Once the plugin is installed you will be able to view OpenFlow messaging in the Wireshark packet captures.

Installing Wireshark From Repositories
  • Ubuntu Wireshark installation from Repository

  • RedHat (CentOS/RHEL) Wireshark installation from Repository

Download and Installing The OpenFlow Wireshark Dissector Option #1

This dissector is maintained by Nick Bastin. I am wedging it in here as I missed this one when I initially wrote this post. The other Stanford version is older but works fine for OpenFlow v1.0 but this is much more up to date. The video below is for the original version covered in option #2 below. Start with this one.

Download and Installing The OpenFlow Wireshark Dissector Option #2

Before you go on you need to edit packet-openflow.c to fix a problem from a change in the Wireshark API.

Open the following C file in a text editor:

Add the following constant somewhere in the file with the other definitions. Look for “#define” and just add wedge it in there.

Next change find the function:
Change from:


Figure 1. The void proto_reg_handoff_openflow() function after edit.

Copy the dynamic library or shared object (so file) into the Wireshark plugins directory.

Running Wireshark with the OpenFlow Dissector

If you get the following error, verify you edited acket-openflow.c properly and recompile the dissector again to create another object file.

Verifying OpenFlow Dissector and Wireshark Installation

In Wireshark go to Help->About->Plugins tab. You should see the OpenFlow plugin in the list.

OpenFlow Wireshark Dissector

Figure 2. The OpenFlow Wireshark plugin

You can now view the OpenFlow header and packet type from your Wireshark captures. More information on generating OpenFlow packets can be found in these tutorials.

OpenFlow Wireshark Plugin

Figure 3. Viewing OpenFlow messages in Wireshark.

Video of Installing and Operating Wireshark with OpenFlow Captures

Video 1. Screemcast of the Wireshark and OpenFlow plugin installation.

Compiling and Installing Wireshark from Source on Ubuntu and RHEL/CentOS
  • Ubuntu

  • RedHat (CentOS/RHEL) I didn’t verify the dependencies, but those should cover everything.

Download the source code from

Additional Reseources
  • OpenFlow Wireshark Dissector v1.0 – The dissector used in this tutorial.
  • OpenFlow v1.1+ Wireshark Nick Bastin put together a dissector supporting OpenFlow v1.1+. This doesn’t support v1.0. So before you pull out your hair wondering why you see the protocol recognized but not dissected, be sure to use a dissector that is supporting your OF version. E.g. learn from my mistakes :*(
  • My buddy Murphy McCauley has instructions for installing the dissector on a Mac over at
  • I would be remiss while on the topic of sharks, if I didn’t take the chance to link to a petition against shark hunting, being used as live bait and the horrible practice of “finning” The Petition Site.

Thanks for stopping by.

About the Author

Brent SalisburyI have over 15 years of experience wearing various hats from, network engineer, architect, devops and software engineer. I currently have the pleasure of working at the company that develops my favorite software I have ever used, Docker. My comments here are my personal thoughts and opinions. More at Brent's BioView all posts by Brent Salisbury →

1 year 4 months ago

when installing ‘scons install’, then appear
gcc -o packet-openflow.os -c -fPIC -I. -I/usr/include/wireshark -I/usr/include/glib-2.0 -I/usr/lib/i386-linux-gnu/glib-2.0/include packet-openflow.c
packet-openflow.c:17:20: fatal error: config.h: No such file or directory
compilation terminated.
scons: *** [packet-openflow.os] Error 1
scons: building terminated because of errors.

what should i do?

1 year 5 months ago

I followed your tutorial and the plugin is running.
Anyway, excluding simple hello messages, every message is not decoded.
On most of packets I get a DISSECTOR_ASSERT_NOT_REACHED on the file proto.c. Those are tcp, icmp and the 90% of packets I scan.

My wireshark version is an 1.8.2 which comes from the default repositories of ubuntu 12.04.

Morgan Yang
1 year 7 months ago

Hi Brent:

I was wondering if you have come across “malform packets” with using the ofdissect plugin with certain OF1.3 flow modification messages. I’m aslo curious if you have (since the time of this post) come across any OF1.3 tcpdump plugins. Thanks!

1 year 10 months ago

Followed instructions based on your update portion first. However, there is no or in the plugins folder (even though ‘openflow’ appears in the filter list). Then tried option#1 (scons install). Gave error about no config.h file. Saw README which says I need to have wireshark source code and do at least a ./configure to get headers. But where do I place the dissector code in relation to the wireshark source code? Then tried option#2 and even followed instructions in link by sumit. While it fixed the dissector_add error, it gave a new error about check_col not defined. Read somewhere that it was to be deprecated. So currently, I have not been able to get openflow dissector working through any of the install methods.

What finally worked for me — downloaded the mininet ova VM. It has a built in wireshark with working dissector. Cloned the VM and can use that with floodlight or any other controller (I wanted mininet and controller in separate VMs).

Thanks for the great site. Learning quite a bit (albeit very very slowly).

Sumit Arora
2 years 3 days ago

Dear Brent ,

For Wireshark’s OF Plugin, I did exactly what defined above : but it throws following error :

Couldn’t load module /usr/lib/wireshark/libwireshark2/plugins/ /usr/lib/wireshark/libwireshark2/plugins/ undefined symbol: dissector_add

Couldn’t load module /usr/lib/wireshark/libwireshark2/plugins/ /usr/lib/wireshark/libwireshark2/plugins/ undefined symbol: try_val_to_str

Lua: Error during loading:
[string “/usr/share/wireshark/init.lua”]:45: dofile has been disabled


1 year 11 months ago

Hi Sumit,

I am having the same issue, have you find a solution?

Thank you in advance

Sumit Arora
1 year 11 months ago


You can try if this helps:

(It worked for me )


1 year 11 months ago

Thank you Sumit,
Yes, it worked for me and I should have tried Option 2 in Brent article because it describes the same process.

Thank you Brent for the great site

2 years 1 month ago

Just in case anybody experiences the same problem (packet-openflow.c: fatal error: cannot find config.h, cannot find epan/emem.h etc), I had to git clone git:// and then export WIRESHARK=openflow/utilities/wireshark_dissectors/wireshark-1.0.0-includes before using method 1 as described here.

I’m using Ubuntu 12.04, with wireshark installed from the repositories.

2 years 1 month ago

Also, thanks for the great tutorial!