MiniCPS is a lightweight simulator for accurate network traffic in an industrial control system, with basic support for physical layer interaction.
This page summarizes the basic installation, configuration and testing of MiniCPS. We provide a tutorial for beginners here: :ref:`swat-tutorial`. If you need more information about a specific topic see :ref:`misc`.
You need to start MiniCPS installation by installing Mininet and its dependencies.
Notice that Mininet can be installed either inside a Virtual Machine (VM) or on your physical machine. The official Mininet VM comes without an X-server that is an optional requirements for MiniCPS (e.g., it can be used to display a pop-up window with sensor data visualization). If you decide to install Mininet on your own, the following hints can be helpful.
Mininet seems to assume a mininet user in the mininet group is present on the system. You need to create both
sudo useradd mininet
sudo addgroup mininetMininet relies on openvswitch-controller as basic SDN controller (unless you install POX or other controllers yourself). Since Open vSwitch 2.1, the openvswitch-controller was renamed to openvswitch-testcontroller. This means you will have to a) ensure that you have the corresponding package installed, e.g. via (on Ubuntu 16.04 or later)
sudo apt install openvswitch-testcontrollerThen, you need to patch the minicps source (e.g., /usr/lib/python2.7/dist-packages/mininet/clean.py and /usr/lib/python2.7/dist-packages/mininet/node.py) to use the updated binary name (change occurances of openvswitch-controller to openvswitch-testcontroller).
find /usr/lib/python2.7/dist-packages/mininet/ -type f -exec sudo sed -i 's/ovs-controller/ovs-testcontroller/' {} \;Ensure the corresponding service is running, e.g., by using
sudo service openvswitch-switch startYou should now be able to start a simple topology without error messages by using
sudo mnThe Installing MiniCPS section provides instructions to install minicps
for a user or a developer, and it assumes that you already have installed
mininet.
MiniCPS is can be installed using pip:
sudo pip install minicpsTest the installation downloading one of our examples from https://github.com/scy-phy/minicps/tree/master/examples and try to run it.
For example, given that you downloaded the examples directory,
then you can cd swat-s1 folder and run:
sudo python run.pyAnd you should see the following:
*** Ping: testing ping reachability
attacker -> plc1 plc2 plc3
plc1 -> attacker plc2 plc3
plc2 -> attacker plc1 plc3
plc3 -> attacker plc1 plc2
*** Results: 0% dropped (12/12 received)
mininet>For SDN controller development there are many options,
pox is a good starting point and Mininet's VM already includes it. If you
want to manually install it type:
cd
git clone https://github.com/noxrepo/poxMiniCPS pox controller files are tracked in the minicps repo itself.
To symlink them to pox's dedicated external controller folder ( pox/ext)
execute the following:
~/minicps/bin/pox-init.py [-p POX_PATH -m MINICPS_PATH -vv]Notice that:
- You can increase the verbosity level using either
vor-vv POX_PATHdefaults to~/poxandMINICPS_PATHdefaults to~/minicps, indeed~/minicps/bin/initshould work for you.
If you want to contribute to the project please take a look at :ref:`contributing`.
Mininet VM comes with a ssh server starting at boot. Check it using:
ps aux | grep sshYou should see a /usr/sbin/sshd -D running process.
If you want to redirect X command to your host X-server ssh into mininet VM,
e.g., to display graphs even if your VM doesn't run an X server,
using the -Y option:
ssh -Y mininet@mininetvmIn order to reduce the network traffic you can disable the
Linux ipv6 kernel module. (mininet VM already disables it)
sudo vim /etc/default/grubSearch for GRUB_CMDLINE_LINUX_DEFAULT and prepend to the string
ipv6.disable=1. You should obtain something like this:
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 ..."Where ... is other text that you don't have to touch.
Then:
sudo update-grubThen reboot your machine and check it with ifconfig that no
inet6 is listed.
Instruction taken from here