Hello,
I research SDN security. I simulate an SDN network with an RYU controller. I use Scapy to generate traffic.
Now I want to read and analyse some parameters in a packet header like flags to distinguish between legitimate and illegitimate packets.
Which solution do you suggest?
Thank you.
Wireshark
Adding more detail: if you can either run Wireshark on a PC at each end of the conversation OR run TCPDUMP on a Linux device at either end, you can have full capture of both the sending and receiving ends of the network traffic. You can also set up a mirror port on a switch device between the ends of the conversation, but it is usually easier to just install Wireshark or run TCPDUMP.
Thank you very much for your replies.
After I capture the traffic, I want to ask the RYU controller to check the status of a flag (0 or 1) in the received packet headers from a switch.
Could you please let me know how I can do that?
Thank you
That will depend on the configuration of the RYU. I'm not familiar with it, so I'd have to refer you to check vendor documentation.
Thank you.
How can I read and analyze a pcap file in RYU?
I think I have two options:
- Use OpenFlow statistics: Based on the RYU book, RYU can monitor switch information per port (TX bytes, RX bytes, ...) and not packet information (header, payload).
- Use Wireshark: The problem is where to run Wireshark. If it runs on a host, how can RYU fetch the information? If it runs on the switch or controller, it seems it's not feasible.
I would be grateful if you could share any ideas you have.
Thank you.
Can RYU run tcpdump?
I think so: https://stackoverflow.com/questions/37998065/understanding-ryu-openflow-controller-mininet-wireshark-and-tcpdump
See if that helps you out.
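
An added example for the question asked above about checking a flag (0 or 1) in received packet headers; it is not from any poster in this thread and is not Ryu's own code. It parses the TCP flag bits out of a raw Ethernet frame in plain Python; in a Ryu packet-in handler the raw bytes would come from `ev.msg.data`. The function names and the sample frame are constructed for illustration.

```python
import struct

# TCP flag names by bit position (bit 0 = FIN ... bit 7 = CWR)
TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR")

def tcp_flags(frame: bytes):
    """Return {flag_name: 0 or 1} for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    ip = 14
    if ethertype == 0x8100:                 # one 802.1Q VLAN tag
        if len(frame) < 18:
            return None
        ethertype = struct.unpack("!H", frame[16:18])[0]
        ip = 18
    if ethertype != 0x0800 or len(frame) < ip + 20:
        return None                         # not IPv4, or truncated
    ihl = (frame[ip] & 0x0F) * 4            # IPv4 header length in bytes
    if frame[ip] >> 4 != 4 or ihl < 20 or frame[ip + 9] != 6:
        return None                         # bad header or not TCP
    if struct.unpack("!H", frame[ip + 6:ip + 8])[0] & 0x1FFF:
        return None                         # later fragment: no TCP header
    tcp = ip + ihl
    if len(frame) < tcp + 14:
        return None                         # flags byte is at TCP offset 13
    bits = frame[tcp + 13]
    return {name: (bits >> i) & 1 for i, name in enumerate(TCP_FLAGS)}

def sample_frame(flag_bits: int) -> bytes:
    """Constructed test frame (checksums left at zero, not validated)."""
    eth = bytes(12) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4,
                      flag_bits, 8192, 0, 0)
    return eth + ip + tcp

if __name__ == "__main__":
    for bits in (0x02, 0x12, 0x11):         # SYN, SYN+ACK, FIN+ACK
        flags = tcp_flags(sample_frame(bits))
        print(hex(bits), [n for n, v in flags.items() if v])
```

The same function can be applied to frames read from a capture file, since each pcap record also holds a raw link-layer frame.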