
Port Knocking

haniehrajabi edited this page Jun 24, 2014 · 13 revisions

This tutorial explains, step by step, a port knocking application that leverages OpenState features.

Before going further, make sure you have installed the OpenState softswitch in Mininet as explained at http://openstate-sdn.github.io/. Once this step is complete, Mininet uses OpenState as its OpenFlow user-space switch.

  1. Launch the portknock application in Mininet by typing the following command:

    $ ryu-manager ryu/ryu/app/openstate/portknock.py

The port knock program consists of the following port sequence:

    PORT_LIST = [5123, 6234, 7345, 8456, 2000]

  2. Start Mininet with a single topology with 3 hosts:

    $ sudo mn --topo single,3 --mac --switch user --controller remote -x

  3. Following the port sequence, use nc (netcat) to create a UDP connection toward the server and port.

On host h2, run the server with the following command:

    $ nc -u -l -p 5123

In the h1 CLI, run the following command:

    $ nc -u 10.0.0.2 5123

At this step, if you send a text message from the h1 CLI, it will not be received at the server side. So far everything is going as expected. Continue with the rest of the port sequence and repeat the same test, sending a text message at each of the following steps:

| Server side (h2) | Client side (h1) | Test message |
| --- | --- | --- |
| `nc -u -l -p 6234` | `nc -u 10.0.0.2 6234` | Not receiving |
| `nc -u -l -p 7345` | `nc -u 10.0.0.2 7345` | Not receiving |
| `nc -u -l -p 8456` | `nc -u 10.0.0.2 8456` | Not receiving |
| `nc -u -l -p 2000` | `nc -u 10.0.0.2 2000` | Receiving |
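The behaviour observed in the test above can be modelled as a per-source state machine over the knock sequence. This is an added example, not the OpenState `portknock.py` code: `KnockSwitch`, `packet_in` and `run` are hypothetical names, and keying state by source IP and resetting to the start on a wrong port are assumptions of this model.

```python
# Simplified model of a port-knocking state machine (added example, not portknock.py).
PORT_LIST = [5123, 6234, 7345, 8456, 2000]  # sequence from this page
KNOCKS, OPEN_PORT = PORT_LIST[:-1], PORT_LIST[-1]


class KnockSwitch:
    """Tracks one knock state per source IP, like a per-flow state table."""

    def __init__(self):
        self.state = {}  # source IP -> number of correct knocks seen so far

    def packet_in(self, src_ip, udp_dst):
        """Return 'forward' or 'drop' for one UDP datagram and update state."""
        s = self.state.get(src_ip, 0)
        if s == len(KNOCKS):
            # Sequence completed: only the final port is forwarded.
            if udp_dst == OPEN_PORT:
                return "forward"
            self.state[src_ip] = 0  # assumption: any other port closes access
            return "drop"
        if udp_dst == KNOCKS[s]:
            self.state[src_ip] = s + 1  # correct knock: advance, still drop
        else:
            self.state[src_ip] = 0  # assumption: wrong knock resets the sequence
        return "drop"


def run(ports, src_ip="10.0.0.1"):
    """Feed a list of destination ports from one host; return the decisions."""
    sw = KnockSwitch()
    return [sw.packet_in(src_ip, p) for p in ports]


if __name__ == "__main__":
    print(run(PORT_LIST))                       # full sequence, in order
    print(run([5123, 6234, 7345, 8465, 2000]))  # one mistyped knock (constructed)
```

Under these assumptions a single mistyped knock port leaves port 2000 closed, so when the final message is not received, check that each client port matches `PORT_LIST` exactly and in order.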
