Packet Filtering

Started by mehdi, April 24, 2022, 08:44:04 PM


mehdi

Hello,

I research SDN security. I simulate an SDN network with an RYU controller. I use Scapy to generate traffic.
Now I want to read and analyse some parameters in a packet header like flags to distinguish between legitimate and illegitimate packets.

Which solution do you suggest?

Thank you.

icecream-guy

:professorcat:

My Moral Fibers have been cut.

deanwebb

Adding more detail - if you can either run Wireshark on a PC at each end of the conversation OR run tcpdump on a Linux device at either end, you can have full capture of both the sending and receiving ends of the network traffic. You can also set up a mirror port on a switch device between the ends of the conversation, but it is usually easier to just install Wireshark or run tcpdump.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

mehdi

Thank you very much for your replies.

After I capture the traffic, I want to ask the RYU controller to check the status of a flag (0 or 1) in the received packet headers from a switch.

Could you please let me know how I can do that?


Thank you

deanwebb

That will depend on the configuration of the RYU. I'm not familiar with it, so I'd have to refer you to check vendor documentation.

mehdi

Thank you.

How can I read and analyze a pcap file in RYU?

mehdi

I think I have two options:

- Use OpenFlow statistics: Based on the RYU book, RYU can monitor switch information per port (TX bytes, RX bytes, ...) and not packet information (header, payload)

- Use Wireshark: The problem is where to run Wireshark. If run on a host, how can RYU fetch the information? If run on the switch or controller, it seems it's not feasible.

I would be grateful if you share any ideas you have.

Thank you.
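Both questions above (checking a flag bit in the packet-in headers a switch sends to the controller, and reading a pcap file) come down to the same thing: parsing Ethernet/IPv4/TCP headers out of a byte string. The example below is added here by the editor; it is not code from this thread or from the Ryu project. It parses the headers by hand so it runs without Ryu or Scapy installed, and the pcap it reads is constructed in memory, not a real capture. In a Ryu app the documented equivalents are `ryu.lib.packet.packet.Packet(ev.msg.data)` with `get_protocol(tcp.tcp).bits` for the flag bits, and `ryu.lib.pcaplib.Reader` for files; the classification rules (null, SYN+FIN, xmas) are the editor's choice of illustration, not something the thread prescribes.

```python
"""Added example, not from the thread or the Ryu project: read TCP flags from
raw frames. A Ryu packet-in handler gets the Ethernet frame as ev.msg.data; a
pcap record holds the same bytes, so one parser serves both questions."""
import struct

# TCP flag bits in header order (FIN is bit 0); same values as ryu.lib.packet.tcp.TCP_*
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK, TCP_URG = (1 << i for i in range(6))
XMAS = TCP_FIN | TCP_PSH | TCP_URG


def parse_tcp_flags(frame):
    """Return (src_ip, dst_ip, sport, dport, flags) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None                     # too short or not IPv4 (VLAN tags not handled here)
    ihl = (frame[14] & 0x0F) * 4        # IPv4 header length in bytes
    if frame[14 + 9] != 6:              # IPv4 protocol field: 6 = TCP
        return None
    tcp_off = 14 + ihl
    if len(frame) < tcp_off + 14:
        return None                     # truncated before the TCP flags byte
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    sport, dport = struct.unpack_from("!HH", frame, tcp_off)
    flags = frame[tcp_off + 13] & 0x3F  # low 6 bits of TCP byte 13: URG ACK PSH RST SYN FIN
    return src, dst, sport, dport, flags


def classify(flags):
    """Label flag combinations that a legitimate TCP stack never emits (editor's rules)."""
    if flags == 0:
        return "null-scan"              # no flags at all
    if flags & TCP_SYN and flags & TCP_FIN:
        return "syn-fin"                # open and close in the same segment
    if flags & XMAS == XMAS:
        return "xmas-scan"
    if flags == TCP_SYN:
        return "syn"                    # ordinary connection attempt
    return "ok"


def read_pcap(data):
    """Yield (timestamp, frame) from classic pcap bytes; handles both byte orders."""
    magic = struct.unpack_from("<I", data, 0)[0]
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if end is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    off = 24                            # skip the 24-byte global header
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from(end + "IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def audit_pcap(data):
    """Run every TCP frame in a pcap through classify(); non-TCP frames are skipped."""
    report = []
    for _ts, frame in read_pcap(data):
        parsed = parse_tcp_flags(frame)
        if parsed is not None:
            src, dst, sport, dport, flags = parsed
            report.append((src, dst, sport, dport, classify(flags)))
    return report


# --- constructed sample data (not a real capture) ---
def build_frame(src_ip, dst_ip, sport, dport, flags):
    """Minimal IPv4/TCP frame with zero checksums; enough for header parsing."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1650830644 + i, 0, len(f), len(f)) + f
    return out


SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.1", "10.0.0.2", 40000, 80, TCP_SYN),            # normal handshake
    build_frame("10.0.0.2", "10.0.0.1", 80, 40000, TCP_SYN | TCP_ACK),
    b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28,                           # ARP frame, skipped
    build_frame("10.0.0.9", "10.0.0.2", 1234, 22, 0),                    # null scan
    build_frame("10.0.0.9", "10.0.0.2", 1234, 22, XMAS),                 # xmas scan
    build_frame("10.0.0.9", "10.0.0.2", 1234, 22, TCP_SYN | TCP_FIN),    # SYN+FIN
])

if __name__ == "__main__":
    for row in audit_pcap(SAMPLE_PCAP):
        print("%s:%d -> %s:%d  %s" % row)
```

Two caveats for wiring this into a controller. A Ryu handler decorated with `set_ev_cls(ofp_event.EventOFPPacketIn, MAIN_DISPATCHER)` only sees frames the switch punts to it, that is, table misses or flows whose action is output to CONTROLLER; once you install a forwarding rule for a flow, later packets of that flow never reach the controller, so per-packet flag checks happen on the packet-in path, not through port statistics. And standard OpenFlow 1.3 has no match field for TCP flags (that arrived in OpenFlow 1.5, and Open vSwitch offers it as an extension), so unless your switch and Ryu version expose such a field, the flag test has to be done in controller code as above.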

deanwebb
