Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/amlight/ofp_sniffer
An OpenFlow sniffer to help network troubleshooting in production networks.
https://github.com/amlight/ofp_sniffer
openflow openflow-messages sdn sniffer troubleshooting
Last synced: 23 days ago
JSON representation
An OpenFlow sniffer to help network troubleshooting in production networks.
- Host: GitHub
- URL: https://github.com/amlight/ofp_sniffer
- Owner: amlight
- License: apache-2.0
- Created: 2015-09-21T15:58:07.000Z (about 9 years ago)
- Default Branch: master
- Last Pushed: 2022-11-28T14:15:11.000Z (about 2 years ago)
- Last Synced: 2024-08-04T09:05:45.781Z (4 months ago)
- Topics: openflow, openflow-messages, sdn, sniffer, troubleshooting
- Language: Python
- Homepage:
- Size: 863 KB
- Stars: 14
- Watchers: 3
- Forks: 12
- Open Issues: 6
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-network-stuff - **8**星
README
OFP_Sniffer is an OpenFlow sniffer to be used for troubleshooting and learning purposes.
Currently on version 1.2, it dissects all OpenFlow 1.0 messages, works with InfluxDB, Grafana, and Slack.
OpenFlow 1.3 will be available on OFP_Sniffer version 1.3 (to be released soon).It works directly on Linux shell and dissects all OpenFlow messages on the
wire or from libpcap files. Using OFP_Sniffer, you can easily track OpenFlow messages
and errors associated (if any) without opening X11 or Wireshark. OFP_Sniffer was
written in Python 3.6 to support the AmLight SDN deployment (www.sdn.amlight.net).
AmLight SDN uses Internet2 FlowSpace Firewall, OESS and On.Lab ONOS, and these
apps were tested and are fully supported.As a command line interface tool, it has a few input parameters:
```
# ./ofp_sniffer.py -h
Usage:
./ofp_sniffer.py [-p min|full] [-f pcap_filter] [-F filter_file] [-i dev] [-r pcap_file]
-p : print all TCP/IP headers. Default: min
-f pcap_filter or --pcap-filter=pcap_filter: add a libpcap filter
-F filters_file.json or --filters-file=filters.json
-i interface or --interface=interface. Default: eth0
-r captured.pcap or --src-file=captured.pcap
-T topology.json or --topology-file=topology.json
-w file or --save-to-file=file: save output to file provided
-o or --print-ovs : print using ovs-ofctl format
-h or --help : prints this help
-c or --no-colors: removes colors
-v or --version : prints version
-O WARN:CRIT or --oess-fvd=WARN:CRIT: monitor OESS FVD status
-N or --notify-via-slack: send notifications via Slack. Param is the Slack channel
-S or --enable-statistics: creates statistics
```Starting on version 1.0, apps are supported to handle specific needs, such as track OESS FVD
messages or to creates statistics via REST and be integrated to NMSes (f.i., Zabbix).More info: https://amlight.net/wp-content/uploads/2015/03/wpeif-2016-ofpsniffer.pdf
##################### Instalation ######################
```
Requires Python 3.6
git clone https://github.com/amlight/ofp_sniffer.git
cd ofp_sniffer
pip3.6 install -r docs/requirements.txt
sudo ./ofp_sniffer.py
```
##################### Examples #########################Examples are provided below:
```
---------------------- -------------------------
| Mininet | | OVS-OFCTL 2.3.0 |
| 192.168.56.101:6634| <-------> | eth1 - 192.168.56.102 |
---------------------- -------------------------# ovs-ofctl dump-flows tcp:192.168.56.101:6634
cookie=0x0, duration=2183.377s, table=0, n_packets=0, n_bytes=0, idle_age=2183, in_port=1,dl_vlan=2 actions=output:2# ./ofp_sniffer.py -i eth1 -f " or port 6634"
Sniffing device eth1
2015-09-13 11:47:38.655503 192.168.56.102:37450 -> 192.168.56.101:6634 Size: 74
OpenFlow Version: 1.0(1) Type: Hello(0) Length: 8 XID: 1
1 OpenFlow Hello2015-09-13 11:47:38.656964 192.168.56.101:6634 -> 192.168.56.102:37450 Size: 74
OpenFlow Version: 1.0(1) Type: Hello(0) Length: 8 XID: 174
174 OpenFlow Hello2015-09-13 11:47:38.657638 192.168.56.102:37450 -> 192.168.56.101:6634 Size: 86
OpenFlow Version: 1.0(1) Type: Vendor(4) Length: 20 XID: 2
2 OpenFlow Vendor : NICIRA(0x2320)
2 OpenFlow Vendor Data: 12 22015-09-13 11:47:38.657870 192.168.56.102:37450 -> 192.168.56.101:6634 Size: 74
OpenFlow Version: 1.0(1) Type: BarrierReq(18) Length: 8 XID: 3
3 OpenFlow Barrier Request2015-09-13 11:47:38.659270 192.168.56.101:6634 -> 192.168.56.102:37450 Size: 74
OpenFlow Version: 1.0(1) Type: BarrierRes(19) Length: 8 XID: 3
3 OpenFlow Barrier Reply```
```
# ovs-ofctl add-flow tcp:192.168.56.101:6634 "dl_dst=10:00:00:01:20:00,dl_type=0x88bc actions=mod_vlan_vid:14,output:2"# ./ofp_sniffer.py -i eth1 -f " or port 6634"
2015-09-13 11:49:08.171463 192.168.56.102:37451 -> 192.168.56.101:6634 Size: 154
OpenFlow Version: 1.0(1) Type: FlowMod(14) Length: 88 XID: 2
2 OpenFlow Match - wildcards: 3678439 dl_type: 0x88bc dl_dst: 10:00:00:01:20:00
2 OpenFlow Body - Cookie: 0x00 Command: Add(0) Idle/Hard Timeouts: 0/0 Priority: 32768 Buffer ID: 0xffffffff Out Port: 65535 Flags: Unknown Flag(0)
2 OpenFlow Action - Type: SetVLANID Length: 8 VLAN ID: 14 Pad: 0
2 OpenFlow Action - Type: OUTPUT Length: 8 Port: 2 Max Length: 0# ovs-ofctl del-flows tcp:192.168.56.101:6634 "dl_type=0x88bc,dl_dst=10:00:00:01:20:00, "
2015-09-13 11:50:43.636925 192.168.56.102:37454 -> 192.168.56.101:6634 Size: 138
OpenFlow Version: 1.0(1) Type: FlowMod(14) Length: 72 XID: 2
2 OpenFlow Match - wildcards: 3678439 dl_type: 0x88bc dl_dst: 10:00:00:01:20:00
2 OpenFlow Body - Cookie: 0x00 Command: Delete(3) Idle/Hard Timeouts: 0/0 Priority: 32768 Buffer ID: 0xffffffff Out Port: 65535 Flags: Unknown Flag(0)# ovs-ofctl add-flow tcp:192.168.56.101:6634 "dl_dst=10:00:00:01:20:00,dl_type=0x88bc actions=mod_vlan_vid:14,output:2"
2015-09-13 11:52:58.563737 192.168.56.102:37455 -> 192.168.56.101:6634 Size: 154
OpenFlow Version: 1.0(1) Type: FlowMod(14) Length: 88 XID: 2
2 OpenFlow Match - wildcards: 3678439 dl_type: 0x88bc dl_dst: 10:00:00:01:20:00
2 OpenFlow Body - Cookie: 0x00 Command: Add(0) Idle/Hard Timeouts: 0/0 Priority: 32768 Buffer ID: 0xffffffff Out Port: 65535 Flags: Unknown Flag(0)
2 OpenFlow Action - Type: SetVLANID Length: 8 VLAN ID: 14 Pad: 0
2 OpenFlow Action - Type: OUTPUT Length: 8 Port: 2 Max Length: 0
```Using Filters:
When using option -F ./filters.json you will have a few options:
"rejected_of_types" : used to select what OpenFlow message types you DON'T want to see. You can define different filters
depending of the OpenFlow versionFilters by Ethertype:
If you are looking for a specific Ethertype being transported by PacketOut or PacketIn messages, you can reject all
others, giving you easy visualization.Example:
```
"filters":{
"ethertypes": {
"lldp" : 0,
"fvd" : 0,
"arp" : 1,
"others": [ "88b5" ]
},
"packetIn_filter": {
"switch_dpid": "any",
"in_port": "any"
},
"packetOut_filter": {
"switch_dpid": "any",
"out_port": "any"
}
}
}
```In the ethertype section, 1 means filter, 0 means print it. In the example provided, ARP messages won't be seen, while
OESS FVD and LLDP will. You can add the Ethertype hex number (without the 0x) in the "others" section, just adding
commas (",")."packetIn_filter": used to define what PacketIn + LLDP messages you WANT to see. You can define per switch and/or
per port. For switch, you need to use the datapath_id as seen by the application you are using. For example,
some apps fill in the field c_id with of:dpid_id, other with dpid:dpid_id. For ports, using the OpenFlow port_id,
not the port name. For example, on Brocade, eth1/1 == 1. So use 1 instead of eth1/1.
"packetOut_filter": used to define what PacketOut + LLDP messages you WANT to see. You can define per switch and/or
per port. For switch, you need to use the datapath_id as seen by the application you are using. For example,
some apps fill in the field c_id with of:dpid_id, other with dpid:dpid_id. For ports, using the OpenFlow port_id,
not the name of the port. For example, on Brocade, eth1/1 == 1. So use 1 instead of eth1/1.Support for OpenFlow proxies:
When using an OpenFlow proxy, depending of the interface you select to sniffer, you are going to see one of the two
possibilities:IP_Controller <-> IP_Proxy
IP_Proxy <-> IP_SwitchIt is hard to associate which controller is talking to which switch. To ease this troubleshooting, the OpenFlow
sniffer automatically monitors all PacketOut + LLDP messages to create a dictionary of {(IP, port): name_switch}.
If this is your case, change the file docs/topology.json. Next time you run the sniffer, you are going to see
the IP and between parentheses the device behind the proxy. Example:```
2015-12-16 15:37:41.563621 200.0.207.79(andes1):7801 -> 190.103.184.135:6633 Size: 157 Bytes
OpenFlow Version: 1.0(1) Type: PacketIn(10) Length: 103 XID: 0
0 PacketIn: buffer_id: 0xffffffff total_len: 85 in_port: 49 reason: OFPR_NO_MATCH(0) pad: 0
0 Ethernet: Destination MAC: ff:ff:ff:ff:ff:ff Source MAC: de:ad:be:ef:ba:11 Protocol: 0x8100
0 Ethernet: Prio: 0 CFI: 0 VID: 3720
0 LLDP: Chassis Type(1) Length: 7 SubType: 4 ID: of:cc4e249102000000
0 LLDP: Port Type(2) Length: 5 SubType: 2 ID: 2
0 LLDP: TTL(3) Length: 2 Seconds: 120
0 LLDP: END(0) Length: 02015-12-16 15:37:41.564414 190.103.184.133(andes1):56132 -> 190.103.187.72:6633 Size: 165 Bytes
OpenFlow Version: 1.0(1) Type: PacketIn(10) Length: 99 XID: 0
0 PacketIn: buffer_id: 0xffffffff total_len: 81 in_port: 49 reason: OFPR_NO_MATCH(0) pad: 0
0 Ethernet: Destination MAC: ff:ff:ff:ff:ff:ff Source MAC: de:ad:be:ef:ba:11 Protocol: 0x8942
0 LLDP: Chassis Type(1) Length: 7 SubType: 4 ID: of:cc4e249102000000
0 LLDP: Port Type(2) Length: 5 SubType: 2 ID: 2
0 LLDP: TTL(3) Length: 2 Seconds: 120
0 LLDP: END(0) Length: 0
```The name (andes1) represents a switch called "andes1" with DPID cc4e249126000000. Note that the DPID showed in the
example is not the same, because a PacketIn message is being used as an example. PacketIn shows the DPID of the
neighbors of "andes1".I hope this code helps you.
Questions/Suggestions: AmLight Dev Team