Installing Wireshark On Linux for OpenFlow Packet Captures
This tutorial is for those who are learning, troubleshooting and developing using the OpenFlow wire protocol. Packet captures are vital to troubleshooting issues that occur between the switch and the OpenFlow controller. The instructions cover installing Wireshark from a package or compiling and installing it from source. It also walks through installing the OpenFlow v1.0 dissector plugin for Wireshark. Once the plugin is installed you will be able to view OpenFlow messaging in the Wireshark packet captures.
Installing Wireshark From Repositories
- Ubuntu Wireshark installation from Repository
apt-get update && apt-get install wireshark-dev wireshark mercurial git
- RedHat (CentOS/RHEL) Wireshark installation from Repository
yum install wireshark-devel wireshark
Downloading and Installing The OpenFlow Wireshark Dissector Option #1
This dissector is maintained by Nick Bastin. I am wedging it in here as I missed this one when I initially wrote this post. The other, Stanford version is older and works fine for OpenFlow v1.0, but this one is much more up to date. The video below is for the original version covered in option #2 below. Start with this one.
hg clone https://bitbucket.org/barnstorm/of-dissector
cd of-dissector/src
apt-get install scons
scons install
export WIRESHARK=/usr/include/wireshark/
scons install
# This creates a shared object (so) named openflow.so.
# Copy openflow.so to the Wireshark plugin directory.
cp openflow.so /usr/lib/wireshark/libwireshark1/plugins/openflow.so
- OpenFlow v1.0 dissector repo https://bitbucket.org/barnstorm/of-dissector
- OpenFlow v1.1+ dissector repo https://bitbucket.org/barnstorm/ng-of-dissector
Downloading and Installing The OpenFlow Wireshark Dissector Option #2
git clone git://openflow.org/openflow.git
cd openflow
./boot.sh
./configure
make
sudo make install
cd utilities/wireshark_dissectors/openflow
Before you go on you need to edit packet-openflow.c to fix a problem from a change in the Wireshark API.
Open the following C file in a text editor:
openflow/utilities/wireshark_dissectors/openflow/packet-openflow.c
Add the following constant somewhere in the file with the other definitions. Look for “#define” and just wedge it in there.
#define NO_STRINGS NULL
Next, find the function proto_reg_handoff_openflow().
Change from:
void proto_reg_handoff_openflow()
{
    openflow_handle = create_dissector_handle(dissect_openflow, proto_openflow);
    dissector_add(TCP_PORT_FILTER, global_openflow_proto, openflow_handle);
}
To:
void proto_reg_handoff_openflow()
{
    openflow_handle = create_dissector_handle(dissect_openflow, proto_openflow);
    /* The newer Wireshark API no longer exports dissector_add(); use dissector_add_uint(). */
    dissector_add_uint(TCP_PORT_FILTER, global_openflow_proto, openflow_handle);
}
Figure 1. The void proto_reg_handoff_openflow() function after edit.
make
sudo make install
Copy the dynamic library or shared object (so file) packet-openflow.so into the Wireshark plugins directory.
cp /var/packet-openflow.so /usr/lib/wireshark/libwireshark1/plugins/
Running Wireshark with the OpenFlow Dissector
If you get the following error, verify that you edited packet-openflow.c properly, then recompile the dissector to create a new packet-openflow.so object file.
Couldn't load module /usr/lib/wireshark/libwireshark1/plugins/packet-openflow.so: /usr/lib/wireshark/libwireshark1/plugins/packet-openflow.so: undefined symbol: dissector_add
Verifying OpenFlow Dissector and Wireshark Installation
In Wireshark go to Help->About->Plugins tab. You should see the OpenFlow plugin in the list.
Figure 2. The OpenFlow Wireshark plugin
You can now view the OpenFlow header and packet type from your Wireshark captures. More information on generating OpenFlow packets can be found in these tutorials.
Figure 3. Viewing OpenFlow messages in Wireshark.
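The header fields the dissector displays can also be read directly from a captured TCP payload. The following is an added example, not code from the dissector projects above: it splits a payload into OpenFlow messages using the header's length field and flags messages whose version byte is not 0x01, which is the case a v1.0-only dissector recognizes but cannot decode. The function name and the sample bytes are constructed for illustration.

```python
import struct

# OpenFlow header, same layout in every version: version(1) type(1) length(2) xid(4).
OFP_HEADER = struct.Struct("!BBHI")
OFP_VERSIONS = {0x01: "1.0", 0x02: "1.1", 0x03: "1.2", 0x04: "1.3"}
# Message type names from the OpenFlow 1.0 specification (enum ofp_type).
OFPT_V10 = ["HELLO", "ERROR", "ECHO_REQUEST", "ECHO_REPLY", "VENDOR",
            "FEATURES_REQUEST", "FEATURES_REPLY", "GET_CONFIG_REQUEST",
            "GET_CONFIG_REPLY", "SET_CONFIG", "PACKET_IN", "FLOW_REMOVED",
            "PORT_STATUS", "PACKET_OUT", "FLOW_MOD", "PORT_MOD",
            "STATS_REQUEST", "STATS_REPLY", "BARRIER_REQUEST", "BARRIER_REPLY",
            "QUEUE_GET_CONFIG_REQUEST", "QUEUE_GET_CONFIG_REPLY"]


def split_messages(stream: bytes):
    """Walk a reassembled TCP payload and return (messages, leftover).

    leftover is the unparsed tail: a partial message still waiting for more
    TCP data. Raises ValueError if a length field is smaller than the header.
    """
    messages, offset = [], 0
    while len(stream) - offset >= OFP_HEADER.size:
        version, msg_type, length, xid = OFP_HEADER.unpack_from(stream, offset)
        if length < OFP_HEADER.size:
            # A length below 8 would stall the loop or mis-frame every later message.
            raise ValueError(f"bad length {length} at offset {offset}")
        if len(stream) - offset < length:
            break  # body not fully captured yet
        is_v10 = version == 0x01
        messages.append({
            "version": OFP_VERSIONS.get(version, f"unknown(0x{version:02x})"),
            "name": OFPT_V10[msg_type] if is_v10 and msg_type < len(OFPT_V10) else None,
            "type": msg_type, "length": length, "xid": xid,
            "v10_dissector_ok": is_v10})
        offset += length
    return messages, stream[offset:]


# Constructed sample: v1.0 HELLO, v1.0 ECHO_REQUEST with a 4-byte body,
# a v1.3 HELLO, then three bytes of a header cut off by the capture.
SAMPLE = (bytes.fromhex("01 00 0008 00000001")
          + bytes.fromhex("01 02 000c 00000002 deadbeef")
          + bytes.fromhex("04 00 0008 00000003")
          + bytes.fromhex("01 0a 00"))

if __name__ == "__main__":
    parsed, rest = split_messages(SAMPLE)
    for m in parsed:
        print(m)
    print("leftover bytes:", rest.hex())
```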
Video of Installing and Operating Wireshark with OpenFlow Captures
Video 1. Screencast of the Wireshark and OpenFlow plugin installation.
Compiling and Installing Wireshark from Source on Ubuntu and RHEL/CentOS
- Ubuntu
apt-get install libpcap-dev autoconf gtk2.0 flex bison libtool
- RedHat (CentOS/RHEL) I didn’t verify the dependencies, but those should cover everything.
yum groupinstall "Development Tools"
yum groupinstall "X Window System"
yum install glib2-devel automake pkgconfig libtool gcc
Download the source code from http://wireshark.org
wget http://wiresharkdownloads.riverbed.com/wireshark/src/wireshark-1.8.5.tar.bz2
bunzip2 wireshark-1.8.5.tar.bz2
tar -xvf wireshark-1.8.5.tar
# Change into the extracted source tree before building.
cd wireshark-1.8.5
./autogen.sh
./configure
make
make install
sudo ldconfig
./wireshark
Additional Resources
- OpenFlow Wireshark Dissector v1.0 - The dissector used in this tutorial.
- OpenFlow v1.1+ Wireshark Dissector - Nick Bastin put together a dissector supporting OpenFlow v1.1+. This doesn’t support v1.0. So before you pull out your hair wondering why you see the protocol recognized but not dissected, be sure to use a dissector that supports your OF version. E.g. learn from my mistakes :*(
- My buddy Murphy McCauley has instructions for installing the dissector on a Mac over at Noxrepo.org.
- I would be remiss while on the topic of sharks, if I didn’t take the chance to link to a petition against shark hunting, being used as live bait and the horrible practice of “finning” The Petition Site.
Thanks for stopping by.
In my view, if all people in IT and bloggers made good content as you did, the community will be much more useful than ever before. The Wireshark installation worked. Do you have one for a Mac?
Thanks Viaj, appreciate the feedback. I have the steps for a Mac installation which was quite a pain in the a**. I will get them posted in the next couple of weeks.
Cheers,
-Brent