{"id":13826731,"url":"https://github.com/amlight/ofp_sniffer","last_synced_at":"2025-07-09T01:31:10.160Z","repository":{"id":48700780,"uuid":"42876929","full_name":"amlight/ofp_sniffer","owner":"amlight","description":"An OpenFlow sniffer to help network troubleshooting in production networks.","archived":false,"fork":false,"pushed_at":"2022-11-28T14:15:11.000Z","size":884,"stargazers_count":14,"open_issues_count":6,"forks_count":12,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-08-04T09:05:45.781Z","etag":null,"topics":["openflow","openflow-messages","sdn","sniffer","troubleshooting"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/amlight.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-09-21T15:58:07.000Z","updated_at":"2023-09-28T10:30:36.000Z","dependencies_parsed_at":"2023-01-22T01:16:01.097Z","dependency_job_id":null,"html_url":"https://github.com/amlight/ofp_sniffer","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amlight%2Fofp_sniffer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amlight%2Fofp_sniffer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amlight%2Fofp_sniffer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amlight%2Fofp_sniffer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/amlight","download_url":"https://codeload.github.com/amlight/ofp_sniffer/tar.gz/refs/head
s/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225476383,"owners_count":17480215,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["openflow","openflow-messages","sdn","sniffer","troubleshooting"],"created_at":"2024-08-04T09:01:43.283Z","updated_at":"2024-11-20T05:31:02.217Z","avatar_url":"https://github.com/amlight.png","language":"Python","funding_links":[],"categories":["\u003ca id=\"7bf0f5839fb2827fdc1b93ae6ac7f53d\"\u003e\u003c/a\u003eTools"],"sub_categories":["\u003ca id=\"32739127f0c38d61b14448c66a797098\"\u003e\u003c/a\u003eSniffing\u0026\u0026Sniff"],"readme":"\nOFP_Sniffer is an OpenFlow sniffer to be used for troubleshooting and learning purposes.\n\nCurrently at version 1.2, it dissects all OpenFlow 1.0 messages and works with InfluxDB, Grafana, and Slack.\nOpenFlow 1.3 will be available in OFP_Sniffer version 1.3 (to be released soon).\n\nIt works directly from the Linux shell and dissects all OpenFlow messages on the \nwire or from libpcap files. Using OFP_Sniffer, you can easily track OpenFlow messages \nand any associated errors without opening X11 or Wireshark. OFP_Sniffer was \nwritten in Python 3.6 to support the AmLight SDN deployment (www.sdn.amlight.net).\nAmLight SDN uses Internet2 FlowSpace Firewall, OESS and On.Lab ONOS, and these \napps were tested and are fully supported.\n\nAs a command line interface tool, it has a few input parameters:\n```\n# ./ofp_sniffer.py -h\nUsage:\n ./ofp_sniffer.py [-p min|full] [-f pcap_filter] [-F filter_file] [-i dev] [-r pcap_file]\n\t -p : print all TCP/IP headers. 
Default: min\n\t -f pcap_filter or --pcap-filter=pcap_filter: add a libpcap filter\n\t -F filters_file.json or --filters-file=filters.json\n\t -i interface or --interface=interface. Default: eth0\n\t -r captured.pcap or --src-file=captured.pcap\n\t -T topology.json or --topology-file=topology.json\n\t -w file or --save-to-file=file: save output to file provided\n\t -o or --print-ovs : print using ovs-ofctl format\n\t -h or --help : prints this help\n\t -c or --no-colors: removes colors\n\t -v or --version : prints version\n\t -O WARN:CRIT or --oess-fvd=WARN:CRIT: monitor OESS FVD status\n\t -N or --notify-via-slack: send notifications via Slack. Param is the Slack channel\n\t -S or --enable-statistics: creates statistics\n```\n\nStarting with version 1.0, apps are supported to handle specific needs, such as tracking OESS FVD\nmessages or creating statistics via REST for integration with NMSes (e.g., Zabbix). \n\nMore info: https://amlight.net/wp-content/uploads/2015/03/wpeif-2016-ofpsniffer.pdf\n\n##################### Installation ######################\n```\n# Requires Python 3.6\ngit clone https://github.com/amlight/ofp_sniffer.git\ncd ofp_sniffer\npip3.6 install -r docs/requirements.txt\nsudo ./ofp_sniffer.py\n```\n##################### Examples #########################\n\nExamples are provided below:\n```\n----------------------           -------------------------\n| Mininet            |           | OVS-OFCTL 2.3.0       |\n| 192.168.56.101:6634| \u003c-------\u003e | eth1 - 192.168.56.102 |\n----------------------           -------------------------\n\n# ovs-ofctl dump-flows tcp:192.168.56.101:6634\n cookie=0x0, duration=2183.377s, table=0, n_packets=0, n_bytes=0, idle_age=2183, in_port=1,dl_vlan=2 actions=output:2\n\n# ./ofp_sniffer.py -i eth1 -f \" or port 6634\"\nSniffing device eth1\n2015-09-13 
11:47:38.656964 192.168.56.101:6634 -\u003e 192.168.56.102:37450 Size: 74\nOpenFlow Version: 1.0(1) Type: Hello(0) Length: 8  XID: 174\n174 OpenFlow Hello\n\n2015-09-13 11:47:38.657638 192.168.56.102:37450 -\u003e 192.168.56.101:6634 Size: 86\nOpenFlow Version: 1.0(1) Type: Vendor(4) Length: 20  XID: 2\n2 OpenFlow Vendor : NICIRA(0x2320)\n2 OpenFlow Vendor Data:  12  2 \n\n2015-09-13 11:47:38.657870 192.168.56.102:37450 -\u003e 192.168.56.101:6634 Size: 74\nOpenFlow Version: 1.0(1) Type: BarrierReq(18) Length: 8  XID: 3\n3 OpenFlow Barrier Request\n\n2015-09-13 11:47:38.659270 192.168.56.101:6634 -\u003e 192.168.56.102:37450 Size: 74\nOpenFlow Version: 1.0(1) Type: BarrierRes(19) Length: 8  XID: 3\n3 OpenFlow Barrier Reply\n\n```\n```\n# ovs-ofctl add-flow tcp:192.168.56.101:6634 \"dl_dst=10:00:00:01:20:00,dl_type=0x88bc actions=mod_vlan_vid:14,output:2\"\n\n# ./ofp_sniffer.py -i eth1 -f \" or port 6634\"\n\n2015-09-13 11:49:08.171463 192.168.56.102:37451 -\u003e 192.168.56.101:6634 Size: 154\nOpenFlow Version: 1.0(1) Type: FlowMod(14) Length: 88  XID: 2\n2 OpenFlow Match - wildcards: 3678439 dl_type: 0x88bc dl_dst: 10:00:00:01:20:00\n2 OpenFlow Body - Cookie: 0x00 Command: Add(0) Idle/Hard Timeouts: 0/0 Priority: 32768 Buffer ID: 0xffffffff Out Port: 65535 Flags: Unknown Flag(0)\n2 OpenFlow Action - Type: SetVLANID Length: 8 VLAN ID: 14 Pad: 0\n2 OpenFlow Action - Type: OUTPUT Length: 8 Port: 2 Max Length: 0\n\n# ovs-ofctl del-flows tcp:192.168.56.101:6634 \"dl_type=0x88bc,dl_dst=10:00:00:01:20:00, \"\n\n2015-09-13 11:50:43.636925 192.168.56.102:37454 -\u003e 192.168.56.101:6634 Size: 138\nOpenFlow Version: 1.0(1) Type: FlowMod(14) Length: 72  XID: 2\n2 OpenFlow Match - wildcards: 3678439 dl_type: 0x88bc dl_dst: 10:00:00:01:20:00\n2 OpenFlow Body - Cookie: 0x00 Command: Delete(3) Idle/Hard Timeouts: 0/0 Priority: 32768 Buffer ID: 0xffffffff Out Port: 65535 Flags: Unknown Flag(0)\n\n# ovs-ofctl add-flow tcp:192.168.56.101:6634 
\"dl_dst=10:00:00:01:20:00,dl_type=0x88bc actions=mod_vlan_vid:14,output:2\"\n\n2015-09-13 11:52:58.563737 192.168.56.102:37455 -\u003e 192.168.56.101:6634 Size: 154\nOpenFlow Version: 1.0(1) Type: FlowMod(14) Length: 88  XID: 2\n2 OpenFlow Match - wildcards: 3678439 dl_type: 0x88bc dl_dst: 10:00:00:01:20:00\n2 OpenFlow Body - Cookie: 0x00 Command: Add(0) Idle/Hard Timeouts: 0/0 Priority: 32768 Buffer ID: 0xffffffff Out Port: 65535 Flags: Unknown Flag(0)\n2 OpenFlow Action - Type: SetVLANID Length: 8 VLAN ID: 14 Pad: 0\n2 OpenFlow Action - Type: OUTPUT Length: 8 Port: 2 Max Length: 0\n```\n\nUsing Filters:\n\nWhen using the option -F ./filters.json, you have a few options:\n\n\"rejected_of_types\" : used to select which OpenFlow message types you DON'T want to see. You can define different filters\n   depending on the OpenFlow version.\n\nFilters by Ethertype:\n\nIf you are looking for a specific Ethertype being transported by PacketOut or PacketIn messages, you can reject all\nothers, giving you easy visualization.\n\nExample:\n\n```\n{\n  \"filters\":{\n      \"ethertypes\": {\n          \"lldp\" : 0,\n          \"fvd\"  : 0,\n          \"arp\"  : 1,\n          \"others\": [ \"88b5\" ]\n      },\n      \"packetIn_filter\": {\n          \"switch_dpid\": \"any\",\n          \"in_port\": \"any\"\n      },\n      \"packetOut_filter\": {\n          \"switch_dpid\": \"any\",\n          \"out_port\": \"any\"\n      }\n  }\n}\n```\n\nIn the ethertype section, 1 means filter, 0 means print it. In the example provided, ARP messages won't be seen, while\nOESS FVD and LLDP will. You can add the Ethertype hex number (without the 0x) in the \"others\" section, separating entries with \ncommas (\",\").\n\n\"packetIn_filter\": used to define which PacketIn + LLDP messages you WANT to see. You can define it per switch and/or \n   per port. For the switch, you need to use the datapath_id as seen by the application you are using. 
For example,\n   some apps fill in the field c_id with of:dpid_id, others with dpid:dpid_id. For ports, use the OpenFlow port_id,\n   not the port name. For example, on Brocade, eth1/1 == 1. So use 1 instead of eth1/1.\n \n\"packetOut_filter\": used to define which PacketOut + LLDP messages you WANT to see. You can define it per switch and/or \n   per port. For the switch, you need to use the datapath_id as seen by the application you are using. For example,\n   some apps fill in the field c_id with of:dpid_id, others with dpid:dpid_id. For ports, use the OpenFlow port_id,\n   not the name of the port. For example, on Brocade, eth1/1 == 1. So use 1 instead of eth1/1.\n\n\nSupport for OpenFlow proxies:\n\nWhen using an OpenFlow proxy, depending on the interface you choose to sniff, you are going to see one of the two\n   possibilities:\n\n   IP_Controller \u003c-\u003e IP_Proxy\n   IP_Proxy \u003c-\u003e IP_Switch\n\nIt is hard to tell which controller is talking to which switch. To ease this troubleshooting, the OpenFlow \n   sniffer automatically monitors all PacketOut + LLDP messages to create a dictionary of {(IP, port): name_switch}.\n   If this is your case, change the file docs/topology.json. Next time you run the sniffer, you are going to see \n   the IP and, in parentheses, the device behind the proxy. 
Example:\n\n```\n2015-12-16 15:37:41.563621 200.0.207.79(andes1):7801 -\u003e 190.103.184.135:6633 Size: 157 Bytes\nOpenFlow Version: 1.0(1) Type: PacketIn(10) Length: 103  XID: 0\n0 PacketIn: buffer_id: 0xffffffff total_len: 85 in_port: 49 reason: OFPR_NO_MATCH(0) pad: 0\n0 Ethernet: Destination MAC: ff:ff:ff:ff:ff:ff Source MAC: de:ad:be:ef:ba:11 Protocol: 0x8100\n0 Ethernet: Prio: 0 CFI: 0 VID: 3720\n0 LLDP: Chassis Type(1) Length: 7 SubType: 4 ID: of:cc4e249102000000\n0 LLDP: Port Type(2) Length: 5 SubType: 2 ID: 2\n0 LLDP: TTL(3) Length: 2 Seconds: 120\n0 LLDP: END(0) Length: 0\n\n2015-12-16 15:37:41.564414 190.103.184.133(andes1):56132 -\u003e 190.103.187.72:6633 Size: 165 Bytes\nOpenFlow Version: 1.0(1) Type: PacketIn(10) Length: 99  XID: 0\n0 PacketIn: buffer_id: 0xffffffff total_len: 81 in_port: 49 reason: OFPR_NO_MATCH(0) pad: 0\n0 Ethernet: Destination MAC: ff:ff:ff:ff:ff:ff Source MAC: de:ad:be:ef:ba:11 Protocol: 0x8942\n0 LLDP: Chassis Type(1) Length: 7 SubType: 4 ID: of:cc4e249102000000\n0 LLDP: Port Type(2) Length: 5 SubType: 2 ID: 2\n0 LLDP: TTL(3) Length: 2 Seconds: 120\n0 LLDP: END(0) Length: 0\n```\n\nThe name (andes1) represents a switch called \"andes1\" with DPID cc4e249126000000. Note that the DPID shown in the \n  example is not the same, because a PacketIn message is being used as an example. PacketIn shows the DPID of the \n  neighbors of \"andes1\". \n\nI hope this code helps you.\n\nQuestions/Suggestions: AmLight Dev Team \u003cdev@amlight.net\u003e\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Famlight%2Fofp_sniffer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Famlight%2Fofp_sniffer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Famlight%2Fofp_sniffer/lists"}