Ask Your Question
0

How to capture all of packet for IDS?

asked 2014-11-19 05:14:09 -0700

Seunghyeon gravatar image

I want to make some application which works as Intrusion Detection System.

In order to achieve this, my network application running on ODL must capture all of packet across the switch.

However, default ODL setting does not capture port level flow.

How can i change ODL setting for capture all of packet flow including port change?

Ex) current ODL does not capture h1 nmap 10.0.0.2.

It just sends flow-mod to switch as 10.0.0.1 to 10.0.0.2

Thanks

edit retag flag offensive close merge delete

Comments

which version of controller are you running? and which features do you have enabled?

Chris O'Shea ( 2014-11-20 11:19:11 -0700 )edit

1 answer

Sort by ยป oldest newest most voted
0

answered 2014-11-24 06:28:34 -0700

faizan gravatar image

At southbound there is an interface "IListenDataPacket.java", to allow a module to receive packets sent by the switch to the controller, the class needs to implement IListenDataPacket. One need to capture a packet from Switch to Controller and after decoding that packet one can use the information in it according to use case.

edit flag offensive delete publish link more

Comments

It does not collects packet, if the switch has flow rule to deal with that packet. I found some technique for capturing all of packet (port mirroring) Thanks for replying!!

Seunghyeon ( 2014-12-04 05:23:25 -0700 )edit

I would like to know what approch you followed for port change message ?? @Seunghyeon Regards, Faizan

faizan ( 2014-12-04 07:16:58 -0700 )edit

@faizan Acutally, i don`t understand what you ask to me. You mean how can i set the port mirroring ?

Seunghyeon ( 2014-12-07 18:31:10 -0700 )edit

I think for IDS, you are fine with inspecting the packet only when it comes the first time. In that case implementing the IListenDataPacket should suffice. This will allow you to inspect the packet when it has come for the first time, the rest will flow as per the flow you have programmed.

Srijit Nair ( 2014-12-11 23:06:23 -0700 )edit

Mr Seunghyeon, Can you please share with us, the approach you took, for Port-Mirroring? how did you do that. And did it give you the solution for your IDS part too? Thanks Java

java ( 2015-06-30 14:57:23 -0700 )edit
Login/Signup to Answer

Question Tools

Follow
2 followers

Stats

Asked: 2014-11-19 05:14:09 -0700

Seen: 657 times

Last updated: Nov 24 '14