<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">With tcpdump you can do various filtering based on fields in the packet. The simplest would be to use the port number as a filter:<div class=""><br class=""></div><div class=""><br class=""></div><div class="">tcpdump -w file.dump port 6363</div><div class=""><br class=""></div><div class="">To load it into Wireshark, you can either do it in the GUI (File->Open) or on the command line using "-r file.dump".</div><div class=""><br class=""></div><div class="">I would recommend against ndn-dissector for large inputs. It is really a debugging tool to visualize TLV structure... Wireshark with the NDN dissector would be the way to go.</div><div class=""><br class=""></div><div class="">Two more alternatives:</div><div class=""><br class=""></div><div class="">You should be able to feed file.dump to ndndump: ndndump -r file.dump </div><div class=""><br class=""></div><div class="">You can also use the command-line version of Wireshark (with the NDN dissector), tshark, and feed it the captured file with -r.</div><div class=""><br class=""></div><div class="">---</div><div class="">Alex<br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On Oct 3, 2017, at 8:39 PM, Gusev, Peter <<a href="mailto:peter@remap.ucla.edu" class="">peter@remap.ucla.edu</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">


<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
Trying to use <a href="https://github.com/named-data/ndn-tools/blob/master/tools/dissect-wireshark/ndn.lua" class="">ndn-dissector</a>, but it takes forever to process a 5 min log.
<div class="">Is there a way to limit the tcpdump capture to only NDN packets and (preferably) pipe them to a script to filter out those that don’t match my regex? (Or will I need to process the TLV format in order to extract names first?)</div>
<div class=""> <br class="">
<div class="">
<div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">
<div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">
<div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="font-family: Helvetica; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-variant-east-asian: normal; font-variant-position: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">
Thanks, </div>
<div style="font-family: Helvetica; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-variant-east-asian: normal; font-variant-position: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">
<br class="">
</div>
<div style="font-family: Helvetica; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-variant-east-asian: normal; font-variant-position: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">
-- <br class="">
Peter Gusev</div>
<div style="font-family: Helvetica; font-variant-ligatures: normal; font-variant-caps: normal; font-variant-east-asian: normal; font-variant-position: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">
<br class="">
<i class=""><a href="mailto:peter@remap.ucla.edu" class="">peter@remap.ucla.edu</a><br class="">
+1 213 5872748<br class="">
</i></div>
<div style="font-family: Helvetica; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-variant-east-asian: normal; font-variant-position: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">
<br class="">
</div>
<div style="font-variant-ligatures: normal; font-variant-caps: normal; font-variant-east-asian: normal; font-variant-position: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<i class=""><font color="#929292" class="">Research Scholar @ </font></i><a href="http://remap.ucla.edu/" class=""><i class="">REMAP UCLA</i></a><i class=""><font color="#929292" class=""><br class="">
Video streaming/ICN networks/Creative Development</font></i></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br class="">
<div class="">
<blockquote type="cite" class="">
<div class="">On Oct 3, 2017, at 5:08 PM, Gusev, Peter <<a href="mailto:peter@remap.ucla.edu" class="">peter@remap.ucla.edu</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
Thanks Davide,
<div class=""><br class="">
</div>
<div class="">I don’t have much experience using tcpdump.</div>
<div class=""><br class="">
</div>
<div class="">once data is collected, how do I process it (load to Wireshark only)? </div>
<div class="">I just need to extract interests/data packets that match given regular expression and their timestamps.</div>
<div class=""><br class="">
<div class="">
<div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="font-family: Helvetica; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-variant-east-asian: normal; font-variant-position: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
Thanks, </div>
<div style="font-family: Helvetica; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-variant-east-asian: normal; font-variant-position: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<br class="">
</div>
<div style="font-family: Helvetica; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-variant-east-asian: normal; font-variant-position: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
-- <br class="">
Peter Gusev</div>
<div style="font-family: Helvetica; font-variant-ligatures: normal; font-variant-caps: normal; font-variant-east-asian: normal; font-variant-position: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<br class="">
<i class=""><a href="mailto:peter@remap.ucla.edu" class="">peter@remap.ucla.edu</a><br class="">
+1 213 5872748<br class="">
</i></div>
<div style="font-family: Helvetica; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-variant-east-asian: normal; font-variant-position: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<br class="">
</div>
<div style="font-variant-ligatures: normal; font-variant-caps: normal; font-variant-east-asian: normal; font-variant-position: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<i class=""><font color="#929292" class="">Research Scholar @ </font></i><a href="http://remap.ucla.edu/" class=""><i class="">REMAP UCLA</i></a><i class=""><font color="#929292" class=""><br class="">
Video streaming/ICN networks/Creative Development</font></i></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br class="">
<div class="">
<blockquote type="cite" class="">
<div class="">On Oct 2, 2017, at 7:00 PM, Davide Pesavento <<a href="mailto:davide.pesavento@lip6.fr" class="">davide.pesavento@lip6.fr</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div class="">You don't.<br class="">
To capture from the command line for later analysis, use dumpcap or tcpdump -w.<br class="">
<br class="">
Best,<br class="">
Davide<br class="">
<br class="">
On Mon, Oct 2, 2017 at 9:33 PM, Gusev, Peter <<a href="mailto:peter@remap.ucla.edu" class="">peter@remap.ucla.edu</a>> wrote:<br class="">
<blockquote type="cite" class="">Hi all,<br class="">
<br class="">
I have a quick question: how do I use Wireshark on the command line to capture<br class="">
data packets and interests?<br class="">
Is there a way to also run it on Android?<br class="">
<br class="">
Thanks,<br class="">
<br class="">
--<br class="">
Peter Gusev<br class="">
<br class="">
_______________________________________________<br class="">
Nfd-dev mailing list<br class="">
<a href="mailto:Nfd-dev@lists.cs.ucla.edu" class="">Nfd-dev@lists.cs.ucla.edu</a><br class="">
<a href="http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev" class="">http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev</a><br class="">
<br class="">
</blockquote>
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</div>

</div></blockquote></div><br class=""></div></body></html>