
Meenakshee Mungro's blog

17 Dec 2012

Spent the first half of the week working on my protocol implementation on the server, and tested it by adding the necessary code to parse the bytes received in the client. It can now send flow records to the client in the same format as the lpi_live output. There are a number of features to add to it, but I'll work on those after I get back.
Also started working on adding some new counters for the number of protocols used by local and external IPs for a reporting period. Not working entirely, but I'm leaving on holidays for 5 weeks and will try to get some work done while away.

Will be back in the first week of Feb and also plan to start on the report when possible.

10 Dec 2012

Spent the whole week working on the collector and a simple client to test it.
Shane helped with working out a packet format which would be used to send details about flows over a network. After working out the format, I started gradually developing a script (lpicp_export.cc) which formats the data according to the required packet structure. Currently, it adds a header, the name of the monitor (or "unnamed" if not specified), and a subheader.
After that, I started working on a client which would read in the bytes and parse the values to extract the information sent by the server.

The plan for next week is to make the exporting script send out values from the counters and have the client parse the bytes received as before, as well as looking into using threads to have a separate thread writing out data to the DB while the program reads in values from a trace/other input source.
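As an added illustration of the server/client exchange described in this entry (not the page's lpicp_export.cc, and not the real packet layout, which the post does not give), here is a hypothetical byte format in C with the three parts mentioned: a fixed header, the monitor name defaulting to "unnamed", and a subheader assumed here to carry a record count. The client-side parser checks the declared name length against the bytes actually received before copying anything.

```c
#include <stdint.h>
#include <string.h>
#define HDR_VERSION 1
#define MAX_NAME 255
#define HDR_LEN 3    /* version(1) type(1) name_len(1); layout is assumed */
#define SUBHDR_LEN 4 /* subheader: record count, big-endian (assumed) */
typedef struct { uint8_t version, type; char name[MAX_NAME + 1]; uint32_t count; } lpi_msg;

/* Server side: header + monitor name ("unnamed" if none) + subheader.
 * Returns bytes written, 0 if the name is too long or the buffer too small. */
size_t encode(uint8_t *out, size_t cap, const char *name, uint8_t type, uint32_t count) {
    if (name == NULL || *name == '\0') name = "unnamed";
    size_t nlen = strlen(name);
    if (nlen > MAX_NAME || cap < HDR_LEN + nlen + SUBHDR_LEN) return 0;
    out[0] = HDR_VERSION; out[1] = type; out[2] = (uint8_t)nlen;
    memcpy(out + HDR_LEN, name, nlen);
    uint8_t *p = out + HDR_LEN + nlen;
    p[0] = count >> 24; p[1] = count >> 16; p[2] = count >> 8; p[3] = count;
    return HDR_LEN + nlen + SUBHDR_LEN;
}
/* Client side: returns bytes consumed, 0 on a bad version or when the
 * declared name_len does not fit in the bytes actually received. */
size_t decode(const uint8_t *in, size_t len, lpi_msg *m) {
    if (len < HDR_LEN || in[0] != HDR_VERSION) return 0;
    size_t nlen = in[2];
    if (len < HDR_LEN + nlen + SUBHDR_LEN) return 0; /* bound before memcpy */
    m->version = in[0]; m->type = in[1];
    memcpy(m->name, in + HDR_LEN, nlen); m->name[nlen] = '\0';
    const uint8_t *p = in + HDR_LEN + nlen;
    m->count = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
               ((uint32_t)p[2] << 8) | p[3];
    return HDR_LEN + nlen + SUBHDR_LEN;
}

/* Encode then decode one message; NULL if either side rejects it. */
const lpi_msg *roundtrip(const char *name, uint8_t type, uint32_t count) {
    static uint8_t buf[HDR_LEN + MAX_NAME + SUBHDR_LEN];
    static lpi_msg m;
    size_t n = encode(buf, sizeof buf, name, type, count);
    return (n != 0 && decode(buf, n, &m) == n) ? &m : NULL;
}

/* Forge a name_len larger than the frame: decode must refuse, not over-read. */
int truncated_frame_rejected(void) {
    uint8_t buf[64]; lpi_msg m;
    size_t n = encode(buf, sizeof buf, "mon1", 1, 5);
    buf[2] = 200;
    return n != 0 && decode(buf, n, &m) == 0;
}
```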

02 Dec 2012

Spent the week working on my collector.
Started with a simple Libtrace skeleton program and added features to it gradually with Shane's help. I played around with it and added code so that it would count the incoming and outgoing flows and output that every 2 mins to the console using a Libwandevent timer. Also used Libwandevent to add and handle SIGINT signals. Then, I used Libflowmanager to keep track of flows and get rid of the ones that had expired, and added code to keep counters for the new and expired flows, which were output to the console too. Finally, I had a look at Libprotoident's tool (lpi_live) and modified my code so that it used Libprotoident to identify the application protocol of flows.

Currently, the program outputs the results of processing the packets every n seconds (where n is a value specified in the command line arguments). Next, I have to modify the program to export the output over a network.

10 Aug 2012

Started this week by meeting with Shane, where he went over Libprotoident, Libtrace, Libflowmanager, lpi_live, etc. Also had a look at a trace file with some packet capture data from an ISP. Spent most of my time taking care of assignments and assigned readings, though.

Going away for the weekend, but will try to have a look at the 301 lecture notes and lpi_live before next week.

04 Aug 2012

Spent around an hour or so working on the blurb description last week, and more time than I would have liked working on the proposal this week. Shane was very helpful, commenting on stuff I could add to the proposal and whatnot. That included going through a proposed implementation plan, which makes things much clearer now.

He was also kind enough to show me around and I finally got around to sorting out lab access to the WAND hardware lab. Will try to spend some time in the labs every day -- chances are I'll be more productive in a "serious" environment.

For the next 2-3 weeks, the plan is to play around with Libprotoident and have a look at the examples, source code, etc but assignments are cropping up too, so not sure how well I'll be able to stick to the proposed schedule.