Packet Filtering

[mehdi]

Hello,

I research SDN security. I simulate an SDN network with an RYU controller. I use Scapy to generate traffic.
Now I want to read and analyse some parameters in a packet header like flags to distinguish between legitimate and illegitimate packets.

Which solution do you suggest?

Thank you.

[icecream-guy]

WireShark

[deanwebb]

Adding more detail - if you can either run WireShark on a PC at each end of the conversation OR run TCPDUMP on a Linux device at either end, you can have full capture of both the sending and receiving ends of the network traffic. You can also set up a mirror port on a switch device between the ends of the conversation, but it is usually easier to just install WireShark or run TCPDUMP.

[mehdi]

Thank you very much for your replies.

After I capture the traffic, I want to ask the RYU controller to check the status of a flag (0 or 1) in the received packet headers from a switch.

Could you please let me know how can I do that?


Thank you

[deanwebb]

That will depend on the configuration of the RYU. I'm not familiar with it, so I'd have to refer you to check vendor documentation.

[mehdi]

Thank you.

How can I read and analyze pcap file in RYU?

[mehdi]

I think I have two options:

- Use OpenFlow statistics: Based on the RYU book, RYU can monitor switch information per port(TX byte, RX byte,..) and not packet information(header, payload)

- Use Wireshark: The problem is where to run Wireshark. If run on a host, how RYU can fetch the information? If run on the switch or controller, it seems it's not feasible.

I would be grateful if share any ideas you have.

Thank you.

[deanwebb]

Can RYU run tcpdump?

I think so: https://stackoverflow.com/questions/37998065/understanding-ryu-openflow-controller-mininet-wireshark-and-tcpdump

see if that helps you out.