How to capture all of packet for IDS?

asked 2014-11-19 05:14:09 -0700

Seunghyeon gravatar image

I want to make some application which works as Intrusion Detection System.

In order to achieve this, my network application running on ODL must capture all of packet across the switch.

However, default ODL setting does not capture port level flow.

How can i change ODL setting for capture all of packet flow including port change?

Ex) current ODL does not capture h1 nmap

It just sends flow-mod to switch as to


which version of controller are you running? and which features do you have enabled?

Chris O'Shea ( 2014-11-20 11:19:11 -0700 )edit

answered 2014-11-24 06:28:34 -0700

faizan gravatar image

At southbound there is an interface "", to allow a module to receive packets sent by the switch to the controller, the class needs to implement IListenDataPacket. One need to capture a packet from Switch to Controller and after decoding that packet one can use the information in it according to use case.

It does not collects packet, if the switch has flow rule to deal with that packet. I found some technique for capturing all of packet (port mirroring) Thanks for replying!!

Seunghyeon ( 2014-12-04 05:23:25 -0700 )edit

I would like to know what approch you followed for port change message ?? @Seunghyeon Regards, Faizan

faizan ( 2014-12-04 07:16:58 -0700 )edit

@faizan Acutally, i don`t understand what you ask to me. You mean how can i set the port mirroring ?

Seunghyeon ( 2014-12-07 18:31:10 -0700 )edit

I think for IDS, you are fine with inspecting the packet only when it comes the first time. In that case implementing the IListenDataPacket should suffice. This will allow you to inspect the packet when it has come for the first time, the rest will flow as per the flow you have programmed.

Srijit Nair ( 2014-12-11 23:06:23 -0700 )edit

Mr Seunghyeon, Can you please share with us, the approach you took, for Port-Mirroring? how did you do that. And did it give you the solution for your IDS part too? Thanks Java

java ( 2015-06-30 14:57:23 -0700 )edit
Asked: 2014-11-19 05:14:09 -0700

Seen: 794 times

Last updated: Nov 24 '14