How to Implement Network Port Access in NS2
To implement the Network Port Access in NS2, we could require to simulate how various ports on nodes are accessed and handled. In the real-world networks, this ports are used by applications and services to communicate, for instances are HTTP uses port 80, SSH uses port 22, and etc. Port access control permits to replicate in which the ports are blocked, open, or filtered on a node, same to how a firewall or network access control (NAC) works.
Whereas NS2 does not have a built-in mechanism to directly replicate the port access and filtering (like a firewall or NAC), we can mimic port-based behaviour using existing protocols such as UDP and TCP and by integrating custom port-based access control logic in the TCL scripts. We guide you on how to implement it in NS2:
Steps to Implement Network Port Access Control in NS2
- Set up NS2 Environment
Make sure that NS2 is installed and setup appropriately on the system. The simulation environment NS2 supports UDP and TCP traffic that we will use to replicate the communication via various ports.
- Simulating Port Access Control
We will simulate the port access control by permitting or refusing access to particular ports on a node. Every node will have specific ports either open or closed, and only traffic to the open ports will be permitted through.
- Create a TCL Script for Port Access Control
The following is a sample TCL script that replicates the network port access control. These nodes will try to communicate over various ports, then the script will control that ports are available on each node.
Example TCL Script for Port Access Control:
# Create a new NS2 simulator
set ns [new Simulator]
# Open trace and NAM output files
set tracefile [open port_access.tr w]
$ns trace-all $tracefile
set namfile [open port_access.nam w]
$ns namtrace-all $namfile
# Define wireless network parameters
set val(chan) Channel/WirelessChannel
set val(prop) Propagation/TwoRayGround
set val(ant) Antenna/OmniAntenna
set val(netif) Phy/WirelessPhy
set val(mac) Mac/802_11
set val(ifq) Queue/DropTail/PriQueue
set val(ifqlen) 50
set val(ll) LL
set val(rp) AODV ;# Use AODV routing protocol
set val(x) 1000
set val(y) 1000
set val(num_nodes) 3 ;# Number of nodes
# Create topography for the network
set topo [new Topography]
$topo load_flatgrid $val(x) $val(y)
# Configure node parameters
$ns node-config -adhocRouting $val(rp) \
-llType $val(ll) \
-macType $val(mac) \
-ifqType $val(ifq) \
-ifqLen $val(ifqlen) \
-antType $val(ant) \
-propType $val(prop) \
-phyType $val(netif) \
-channelType $val(chan) \
-topoInstance $topo \
-agentTrace ON \
-routerTrace ON \
-macTrace ON
# Create nodes and set initial positions
set node0 [$ns node]
set node1 [$ns node]
set node2 [$ns node]
$node0 set X_ 100
$node0 set Y_ 100
$node0 set Z_ 0
$node1 set X_ 300
$node1 set Y_ 300
$node1 set Z_ 0
$node2 set X_ 500
$node2 set Y_ 500
$node2 set Z_ 0
# Define port access control rules for node1 (Allow only port 80 and 22)
set open_ports [list 80 22]
# Function to check if a port is allowed
proc check_port_access {dst_port} {
global open_ports
if {[lsearch -exact $open_ports $dst_port] == -1} {
return 0 ;# Port is blocked
} else {
return 1 ;# Port is open
}
}
# Function to simulate network access control (port-based filtering)
proc port_access_control {src_node dst_node port protocol} {
global ns
if {[check_port_access $port] == 1} {
# Port is open, allow the connection
puts “Access to port $port allowed. Protocol: $protocol”
# Setup TCP or UDP based on the protocol
if {$protocol == “TCP”} {
set tcp [new Agent/TCP]
$ns attach-agent $src_node $tcp
set sink [new Agent/TCPSink]
$ns attach-agent $dst_node $sink
$ns connect $tcp $sink
return $tcp
} elseif {$protocol == “UDP”} {
set udp [new Agent/UDP]
$ns attach-agent $src_node $udp
set null [new Agent/Null]
$ns attach-agent $dst_node $null
$ns connect $udp $null
return $udp
}
} else {
# Port is blocked, deny the connection
puts “Access to port $port denied.”
return 0
}
}
# Simulate traffic from node0 to node1 on port 80 (HTTP) using TCP
set tcp80 [port_access_control $node0 $node1 80 “TCP”]
# Simulate traffic from node0 to node1 on port 22 (SSH) using TCP
set tcp22 [port_access_control $node0 $node1 22 “TCP”]
# Simulate traffic from node0 to node1 on port 443 (HTTPS) using TCP (should be blocked)
set tcp443 [port_access_control $node0 $node1 443 “TCP”]
# Simulate traffic from node0 to node1 on port 53 (DNS) using UDP (should be blocked)
set udp53 [port_access_control $node0 $node1 53 “UDP”]
# Create traffic sources (CBR for UDP and FTP for TCP)
if {$tcp80 != 0} {
set ftp0 [new Application/FTP]
$ftp0 attach-agent $tcp80
$ns at 1.0 “$ftp0 start”
$ns at 9.0 “$ftp0 stop”
}
if {$tcp22 != 0} {
set ftp1 [new Application/FTP]
$ftp1 attach-agent $tcp22
$ns at 2.0 “$ftp1 start”
$ns at 9.0 “$ftp1 stop”
}
if {$udp53 != 0} {
set cbr0 [new Application/Traffic/CBR]
$cbr0 attach-agent $udp53
$cbr0 set packetSize_ 512
$cbr0 set rate_ 1Mb
$ns at 3.0 “$cbr0 start”
$ns at 9.0 “$cbr0 stop”
}
# Schedule simulation end
$ns at 10.0 “finish”
# Finish procedure to close trace and NAM files
proc finish {} {
global ns tracefile namfile
$ns flush-trace
close $tracefile
close $namfile
exec nam port_access.nam &
exit 0
}
# Run the simulation
$ns run
- Explanation of Key Components
- Port Access Control: The open_ports list describes which ports are open for access on node1. In this situation, ports 80 (HTTP) and 22 (SSH) are open, during other ports are blocked.
- Port Checking Logic: The check_port_access function verifies if a port is open or blocked by comparing the end port versus the list of open ports.
- Traffic Simulation: We replicate the traffic across TCP and UDP by stipulating various ports:
- Port 80 (HTTP) using TCP.
- Port 22 (SSH) using TCP.
- Port 443 (HTTPS) using TCP (this is blocked by the port filtering logic).
- Port 53 (DNS) using UDP (this is also blocked).
- Applications:
- FTP is used to mimic the TCP traffic.
- CBR (Constant Bit Rate) is used for UDP traffic.
- Run the Simulation
We can save the script as port_access.tcl then we run it in NS2:
ns port_access.tcl
When the simulation completes, we can envision the network performance using NAM:
nam port_access.nam
- Analyse the Simulation Output
In the console, we will observe the messages incorporating whether access to particular ports was permitted or rejected, like:
vbnet
Copy code
Access to port 80 allowed. Protocol: TCP
Access to port 22 allowed. Protocol: TCP
Access to port 443 denied.
Access to port 53 denied.
- Advanced Features for Port Access Control
We can expand the port access control simulation in numerous paths:
- Dynamic Port Blocking: Append a logic to actively block or open ports when the simulation according to the network events such as an attack is detected.
- Firewall Rules: Execute more difficult firewall rules, like filtering rely on the IP address, port, and protocol.
- Access Control Lists (ACLs): Execute ACLs, where describe which IPs can access specific ports.
- Port Scanning Simulation: Replicate a port-scanning attack to find an open ports on a node.
We systematically followed a staged techniques, carrying out and analysing the Network Port Access using the simulation NS2. More in-depth details on this topic will be offered too. Our team works on protocols such as UDP and TCP for our applications. Contact us for expert project direction and Network Port Access in NS2 implementation outcomes.