  • Conference paper
  • OpenAccess

A Communication Interception System Based on Network Function Virtualization in Software-Defined Networking

Abstract


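This study designs an Internet event analysis and recording system under the software-defined networking (SDN) architecture. The system consists of a capture-and-recording subsystem, a database subsystem, and an analysis subsystem. It can intercept network packets, parse network activity, and read packet contents in order to restore, record, and retrieve data and files. The implementation uses the SDN Ryu controller and Open vSwitch (OVS) switches that support the OpenFlow standard. For topologies with a single switch and with multiple switches, it classifies the flows of five application protocols (FTP, HTTP, SMTP, POP3, and IMAP4) and forwards the traffic of each protocol, by mirroring, to the capture-and-recording subsystem that is to monitor it. It also lets the operator set which protocol types are monitored by turning mirroring on or off, giving the controller a mode of operation similar to network function virtualization.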

Parallel Abstract


This research designed and implemented an Internet lawful interception, recording, and analysis system operating in an SDN network. The system is composed of Interception and Recording, Database, and Analyzing subsystems. In the realization, the SDN Ryu controller and Open vSwitch (OVS), which supports the OpenFlow standard, were adopted to emulate real SDN switches. Two different SDN architectures, single-switch and multi-switch topologies, were applied and implemented both on Mininet through emulation and on real devices. They can classify application flows of file transfer, web, and email services (i.e., corresponding to the FTP, HTTP, SMTP, POP3, and IMAP4 protocols, respectively) and mirror each specific flow to the appropriate Interception and Recording Subsystem for analysis and recording. The implementation also draws on the idea of network function virtualization: the interception capability was designed so that it can be arbitrarily enabled or disabled by activating or deactivating the mirroring function for a specific protocol in the SDN switches.
