[Nfd-dev] use wireshark for NFD in ubuntu
Alex Afanasyev
aa at cs.fiu.edu
Tue Oct 3 17:54:41 PDT 2017
With tcpdump you can do various filtering based on fields in the packet. The simplest would be to use the port number as a filter:

    tcpdump -w file.dump port 6363

To load it into Wireshark, you can either do it in the GUI (File->Open) or on the command line using "-r file.dump".
I would recommend against ndn-dissector for large inputs. It is really a debugging tool to visualize TLV structure... Wireshark with NDN dissector would be the way to go.
Two more alternatives:
- You should be able to feed file.dump to ndndump: ndndump -r file.dump
- You can also use the command-line version of Wireshark (with the NDN dissector), tshark, and feed it the captured file with -r.
---
Alex
> On Oct 3, 2017, at 8:39 PM, Gusev, Peter <peter at remap.ucla.edu> wrote:
>
> trying to use ndn-dissector <https://github.com/named-data/ndn-tools/blob/master/tools/dissect-wireshark/ndn.lua> but it takes forever to process 5min log.
> is there a way to limit tcpdump capture to only ndn packets and (preferably) pipe them to a script to filter out those that don’t match my regex? (or I’ll need to process TLV format in order to extract names first?)
>
> Thanks,
>
> --
> Peter Gusev
>
> peter at remap.ucla.edu
> +1 213 5872748
>
> Research Scholar @ REMAP UCLA <http://remap.ucla.edu/>
> Video streaming/ICN networks/Creative Development
>
>> On Oct 3, 2017, at 5:08 PM, Gusev, Peter <peter at remap.ucla.edu> wrote:
>>
>> thanks Davide,
>>
>> I don’t have much experience using tcpdump.
>>
>> once data is collected, how do I process it (load to Wireshark only)?
>> I just need to extract interests/data packets that match given regular expression and their timestamps.
>>
>> Thanks,
>>
>> --
>> Peter Gusev
>>
>> peter at remap.ucla.edu
>> +1 213 5872748
>>
>> Research Scholar @ REMAP UCLA <http://remap.ucla.edu/>
>> Video streaming/ICN networks/Creative Development
>>
>>> On Oct 2, 2017, at 7:00 PM, Davide Pesavento <davide.pesavento at lip6.fr> wrote:
>>>
>>> You don't.
>>> To capture from the command line for later analysis, use dumpcap or tcpdump -w.
>>>
>>> Best,
>>> Davide
>>>
>>> On Mon, Oct 2, 2017 at 9:33 PM, Gusev, Peter <peter at remap.ucla.edu> wrote:
>>>> Hi all,
>>>>
>>>> have quick question - how do I use Wireshark in the command line to capture
>>>> data packets and interests?
>>>> is there a way to run it also on Android?
>>>>
>>>> Thanks,
>>>>
>>>> --
>>>> Peter Gusev
>>>>
>>>> peter at remap.ucla.edu
>>>> +1 213 5872748
>>>>
>>>> Research Scholar @ REMAP UCLA
>>>> Video streaming/ICN networks/Creative Development
>>>>
>>>>
>>>> _______________________________________________
>>>> Nfd-dev mailing list
>>>> Nfd-dev at lists.cs.ucla.edu
>>>> http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev
>>>>
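The question in the thread about processing the TLV format to pull out names, as an added example that is not part of the original messages or of the NDN tools: a minimal reader for a `tcpdump -w` capture that decodes each NDN packet's name and returns the timestamps of those matching a regex. It assumes a classic little-endian pcap of Ethernet/IPv4/UDP frames and unfragmented packets (TCP faces would need stream reassembly); all function names and the sample bytes are constructed for illustration, and name components are rendered without their type.

```python
import re, struct
from urllib.parse import quote

INTEREST, DATA, NAME, LP_PACKET, LP_FRAGMENT = 5, 6, 7, 100, 80  # NDN / NDNLPv2 TLV types

def varnum(buf, pos):  # decode one TLV variable-length number -> (value, next position)
    size = {253: 2, 254: 4, 255: 8}.get(buf[pos], 0)  # 0: the first octet is the value
    return int.from_bytes(buf[pos + bool(size):pos + 1 + size], "big"), pos + 1 + size

def tlvs(buf):  # yield (type, value) for each complete TLV; stop at truncated input
    pos = 0
    try:
        while pos < len(buf):
            typ, pos = varnum(buf, pos)
            length, pos = varnum(buf, pos)
            if pos + length > len(buf):
                return
            yield typ, buf[pos:pos + length]
            pos += length
    except IndexError:  # a TLV header ran past the end of the buffer
        return

def ndn_name(payload):  # -> (kind, name URI) or None; unwraps an NDNLPv2 LpPacket
    typ, val = next(tlvs(payload), (0, b""))
    if typ == LP_PACKET:
        return ndn_name(dict(tlvs(val)).get(LP_FRAGMENT, b""))
    name = dict(tlvs(val)).get(NAME) if typ in (INTEREST, DATA) else None
    if name is None:
        return None
    uri = "/" + "/".join(quote(c, safe="") for _, c in tlvs(name))  # component types ignored
    return ("Interest" if typ == INTEREST else "Data", uri)

def match_names(pcap, pattern):  # -> [(timestamp, kind, name)] for names matching pattern
    hits, pos = [], 24  # skip the 24-byte pcap global header
    while pos + 16 <= len(pcap):
        sec, usec, caplen = struct.unpack_from("<III", pcap, pos)
        frame, pos = pcap[pos + 16:pos + 16 + caplen], pos + 16 + caplen
        if len(frame) >= 42 and frame[12:14] == b"\x08\x00" and frame[23] == 17:  # IPv4, UDP
            hit = ndn_name(frame[14 + (frame[14] & 15) * 4 + 8:])
            if hit and re.search(pattern, hit[1]):
                hits.append((sec + usec / 1e6, *hit))
    return hits

# Constructed sample: a bare Interest and an LpPacket-wrapped Data, in two pcap records.
tlv = lambda t, v: bytes([t, len(v)]) + v
name = tlv(NAME, b"".join(tlv(8, c) for c in (b"ndn", b"edu", b"ucla", b"ping")))
hdrs = bytes(12) + b"\x08\x00\x45" + bytes(8) + b"\x11" + bytes(10) + b"\x18\xdb" * 2 + bytes(4)
rec = lambda ts, ndn: struct.pack("<IIII", ts, 0, 42 + len(ndn), 42 + len(ndn)) + hdrs + ndn
wrapped = tlv(LP_PACKET, tlv(LP_FRAGMENT, tlv(DATA, name)))
SAMPLE = bytes(24) + rec(1500000000, tlv(INTEREST, name)) + rec(1500000001, wrapped)
```

For a real capture, pass the bytes of the file written by `tcpdump -w file.dump port 6363` to `match_names` in place of `SAMPLE`.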