[Bro-Dev] OpenFlow Analyzer
Johanna Amann
johanna at icir.org
Tue Oct 18 12:59:20 PDT 2016
Just to add to this - there is no analyzer and so far this is also not
planned. In addition to that - OpenFlow encourages use of TLS, so you
(hopefully) should not actually see a lot of unencrypted OF traffic on
the wire.
Johanna
On 17 Oct 2016, at 15:47, Slagell, Adam J wrote:
> I get you now. I am not aware of an open flow protocol analyzer in
> Bro.
>
>> On Oct 17, 2016, at 2:45 PM, Hui Lin (Hugo) <hlin33 at illinois.edu>
>> wrote:
>>
>> Actually, netcontrol is what I thought of as northbound APIs. I
>> actually just wonder whether Bro has analyzer for openflow protocol
>> or not (some refer them as southbound traffics). It not, I probably
>> need to use wireshark to output the pcap and analyze them manually.
>>
>> On Mon, Oct 17, 2016 at 2:37 PM, Slagell, Adam J
>> <slagell at illinois.edu <mailto:slagell at illinois.edu>> wrote:
>> Have you looked at the netcontrol framework in Bro, developed by
>> Johanna?
>>
>>> On Oct 17, 2016, at 2:24 PM, Hui Lin (Hugo) <hlin33 at illinois.edu
>>> <mailto:hlin33 at illinois.edu>> wrote:
>>>
>>> Hi
>>>
>>> My understanding is that Bro has some northbound API to openflow
>>> switches or controllers. I am wondering whether any development
>>> branch has analyzer of openflow controllers. Just try to see whether
>>> I can use Bro to analyze some controller-to-switch traffics.
>>>
>>> Best,
>>>
>>> Hui
>>>
>>>
>>> --
>>> Hui Lin
>>> Ph.D. Candidate (http://hlin33.web.engr.illinois.edu/
>>> <http://hlin33.web.engr.illinois.edu/>)
>>> DEPEND (http://depend.csl.illinois.edu/
>>> <http://depend.csl.illinois.edu/>)
>>> ECE, Uni. of Illinois at Urbana-Champaign
>>>
>>> _______________________________________________
>>> bro-dev mailing list
>>> bro-dev at bro.org <mailto:bro-dev at bro.org>
>>> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
>>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.icsi.berkeley.edu_mailman_listinfo_bro-2Ddev&d=DQMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=gMEsgy9kNQo7aTfyIJsOSuw4Z57hfQyz6uV2H4S9PvE&m=6uypPBIs5nv0peW6XK_o8f3Tu4OHNbnBILH4E2KzmI0&s=S1oVBNplwXmgrFjCjOVpo2f7jqaRkA83lof6A3C0K3c&e=>
>>
>> ------
>>
>> Adam J. Slagell
>> Chief Information Security Officer
>> Director, Cybersecurity Division
>> National Center for Supercomputing Applications
>> University of Illinois at Urbana-Champaign
>> www.slagell.info
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.slagell.info&d=DQMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=gMEsgy9kNQo7aTfyIJsOSuw4Z57hfQyz6uV2H4S9PvE&m=6uypPBIs5nv0peW6XK_o8f3Tu4OHNbnBILH4E2KzmI0&s=si3U_XSgz2LTo9UrJ_nkxfh3RIFE1cVuMrTHK3PX6Sk&e=>
>>
>> "Under the Illinois Freedom of Information Act (FOIA), any written
>> communication to or from University employees regarding University
>> business is a public record and may be subject to public disclosure."
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>> Hui Lin
>> Ph.D. Candidate (http://hlin33.web.engr.illinois.edu/
>> <http://hlin33.web.engr.illinois.edu/>)
>> DEPEND (http://depend.csl.illinois.edu/
>> <http://depend.csl.illinois.edu/>)
>> ECE, Uni. of Illinois at Urbana-Champaign
>>
>
> ------
>
> Adam J. Slagell
> Chief Information Security Officer
> Director, Cybersecurity Division
> National Center for Supercomputing Applications
> University of Illinois at Urbana-Champaign
> www.slagell.info
>
> "Under the Illinois Freedom of Information Act (FOIA), any written
> communication to or from University employees regarding University
> business is a public record and may be subject to public disclosure."
>
> _______________________________________________
> bro-dev mailing list
> bro-dev at bro.org
> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
More information about the bro-dev
mailing list