[Nfd-dev] use wireshark for NFD in ubuntu

Tue Oct 3 17:54:41 PDT 2017

With tcpdump you can do various filtering based on fields in the packet.  The simplest would be use port number as a filter

tcpdump -w file.dump port 6363

to load to wireshark, you can either do it in GUI (File->open) or in command line using "-r file.dump".

I would recommend against ndn-dissector for large inputs. It is really a debugging tool to visualize TLV structure... Wireshark with NDN dissector would be the way to go.

Two more alternatives:

you should be able to feed file.dump to ndndump:  ndndump -r file.dump

you can also use command-line version of wireshark (with ndn dissector):  tshark and feed the captured file with -r.

---
Alex

> On Oct 3, 2017, at 8:39 PM, Gusev, Peter <peter at remap.ucla.edu <mailto:peter at remap.ucla.edu>> wrote:
> 
> trying to use ndn-dissector <https://github.com/named-data/ndn-tools/blob/master/tools/dissect-wireshark/ndn.lua> but it takes forever to process 5min log.
> is there a way to limit tcpdump capture to only ndn packets and (preferrably) pipe them to a script to filter out those that don’t match my regex? (or I’ll need to process TLV format in order to extract names first?)
> 
> Thanks,
> 
> --
> Peter Gusev
> 
> peter at remap.ucla.edu <mailto:peter at remap.ucla.edu>
> +1 213 5872748
> 
> Research Scholar @ REMAP UCLA <http://remap.ucla.edu/>
> Video streaming/ICN networks/Creative Development
> 
>> On Oct 3, 2017, at 5:08 PM, Gusev, Peter <peter at remap.ucla.edu <mailto:peter at remap.ucla.edu>> wrote:
>> 
>> thanks Davide,
>> 
>> I don’t have much experience using tcpdump.
>> 
>> once data is collected, how do I process it (load to Wireshark only)?
>> I just need to extract interests/data packets that match given regular expression and their timestamps.
>> 
>> Thanks,
>> 
>> --
>> Peter Gusev
>> 
>> peter at remap.ucla.edu <mailto:peter at remap.ucla.edu>
>> +1 213 5872748
>> 
>> Research Scholar @ REMAP UCLA <http://remap.ucla.edu/>
>> Video streaming/ICN networks/Creative Development
>> 
>>> On Oct 2, 2017, at 7:00 PM, Davide Pesavento <davide.pesavento at lip6.fr <mailto:davide.pesavento at lip6.fr>> wrote:
>>> 
>>> You don't.
>>> To capture from the command line for later analysis, use dumpcap or tcpdump -w.
>>> 
>>> Best,
>>> Davide
>>> 
>>> On Mon, Oct 2, 2017 at 9:33 PM, Gusev, Peter <peter at remap.ucla.edu <mailto:peter at remap.ucla.edu>> wrote:
>>>> Hi all,
>>>> 
>>>> have quick question - how do I use Wireshark in the command line to capture
>>>> data packets and interests?
>>>> is there a way to run it also on Android?
>>>> 
>>>> Thanks,
>>>> 
>>>> --
>>>> Peter Gusev
>>>> 
>>>> peter at remap.ucla.edu <mailto:peter at remap.ucla.edu>
>>>> +1 213 5872748
>>>> 
>>>> Research Scholar @ REMAP UCLA
>>>> Video streaming/ICN networks/Creative Development
>>>> 
>>>> 
>>>> _______________________________________________
>>>> Nfd-dev mailing list
>>>> Nfd-dev at lists.cs.ucla.edu <mailto:Nfd-dev at lists.cs.ucla.edu>
>>>> http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev <http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev>
>>>> 
>> 
>> _______________________________________________
>> Nfd-dev mailing list
>> Nfd-dev at lists.cs.ucla.edu <mailto:Nfd-dev at lists.cs.ucla.edu>
>> http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev <http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev>
> 
> _______________________________________________
> Nfd-dev mailing list
> Nfd-dev at lists.cs.ucla.edu <mailto:Nfd-dev at lists.cs.ucla.edu>
> http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20171003/420383a5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 873 bytes
Desc: Message signed with OpenPGP
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20171003/420383a5/attachment.sig>