Project Members: Shane Alcock (admin), Brendon Jones
BSOD
The bsod visualisation tool uses the libtrace framework to transform network traffic into a graphical format that can be viewed in real time. Capturing from a live network interface, or from a saved trace file, bsod visualises the flow of network data between hosts, providing (at a glance) information about network usage.
The BSOD webpage is http://research.wand.net.nz/software/visualisation.php
27 May 2013
Finished adding simple time series graphs for our switch interface byte count data. Got Brendon's event rendering working with these new graphs too, so we can now see and explore the events detected using the Plunge and ArimaShewhart detectors. They seem to be working reasonably well so far.
The next task I started on was fixing the URLs for the amp-web graphs -- the current setup is graph/
Developed a new version of libwandevent. There are two main changes in the new version. Firstly, the allocation and management of event structures is all handled internally by libwandevent -- no more filling in event structures and passing them off to libwandevent. The main reason for this is to try and minimise the chance of bugs where the programmer inadvertently overwrites an existing event, much like the BSOD bug I had last week. However, it does break the existing API so there may be a slightly messy transition period. Secondly, I've added support for epoll so that will now be used instead of select, if available. Switched BSOD server over to use the new libwandevent and it seems to work pretty well.
20 May 2013
Spent much of my week working on getting BSOD ready to be wheeled out at Open Day once again. During this process, I managed to find and fix a couple of bugs in the server that were now causing nasty crashes. I also tracked down a bug in the client where the UI elements aren't redrawn properly if the window is resized. Normally this hasn't been a big problem, but newer versions of Gnome like to try and silently resize full-screen apps and this meant that our UI was disappearing off the bottom of the screen. As an interim fix, I've disabled resizing in BSOD client but we really should be trying to handle resize events properly.
Received a bug report for libtrace about the compression detection occasionally giving a false positive for uncompressed ERF traces. This is because the ERF header has no identifying 'magic' at the start, so every now and again the first few bytes (where the timestamp is stored) end up matching the bytes we use to identify a gzip header. I've strengthened the gzip check to use an extra byte so the chance of this happening now is 1 in 16 million. I've also added a special URI format called rawerf: so users can force libtrace to treat traces as uncompressed ERF.
Started working on trying to get amp-web to plot graphs of interface byte counts. I've managed to draw a line on the graph, but much of the graph styling is still using the smokeping style. I'm now looking at rewriting the javascript for the graph styling to be a bit more generic and configurable, rather than having one (mostly copied) javascript file for each of our metrics.
Friday was mostly consumed with looking after our displays at Open Day. BSOD continued to impress quite a few people and we were reasonably busy most of the day, so it seemed a worthwhile exercise.
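The gzip false positive described in the 20 May 2013 entry above, as an added C sketch that is not libtrace's own code. It assumes the extra byte checked is the gzip compression-method byte (0x08); `sniff`, `looks_gzip`, `erf_timestamp` and the `force_raw` flag (standing in for a rawerf:-style override) are hypothetical names, and the ERF timestamps are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum trace_kind { KIND_GZIP, KIND_RAW_ERF };

/* RFC 1952: a gzip member starts with ID1=0x1f, ID2=0x8b, CM=0x08 (deflate).
 * nbytes selects how many of those bytes the check compares (2 or 3). */
static int looks_gzip(const uint8_t *buf, size_t len, size_t nbytes) {
    static const uint8_t magic[3] = { 0x1f, 0x8b, 0x08 };
    if (nbytes > 3 || len < nbytes) return 0;
    for (size_t i = 0; i < nbytes; i++)
        if (buf[i] != magic[i]) return 0;
    return 1;
}

/* Hypothetical sniffer; force_raw models a rawerf:-style override that
 * skips detection entirely. */
static enum trace_kind sniff(const uint8_t *buf, size_t len,
                             size_t nbytes, int force_raw) {
    if (force_raw) return KIND_RAW_ERF;
    return looks_gzip(buf, len, nbytes) ? KIND_GZIP : KIND_RAW_ERF;
}

/* An ERF record begins with a 64-bit little-endian timestamp: seconds in
 * the high 32 bits, binary fraction in the low 32. The first bytes on disk
 * are therefore the least significant fraction bytes. */
static void erf_timestamp(uint8_t out[8], uint32_t secs, uint32_t frac) {
    uint64_t ts = ((uint64_t)secs << 32) | frac;
    for (int i = 0; i < 8; i++) out[i] = (uint8_t)(ts >> (8 * i));
}

int main(void) {
    uint8_t a[8], b[8];
    erf_timestamp(a, 1368000000u, 0x12348b1fu); /* constructed: 1f 8b 34 12 */
    erf_timestamp(b, 1368000000u, 0x12088b1fu); /* constructed: 1f 8b 08 12 */
    printf("2-byte check on a: %s\n", sniff(a, 8, 2, 0) == KIND_GZIP ? "gzip (wrong)" : "erf");
    printf("3-byte check on a: %s\n", sniff(a, 8, 3, 0) == KIND_GZIP ? "gzip (wrong)" : "erf");
    printf("3-byte check on b: %s\n", sniff(b, 8, 3, 0) == KIND_GZIP ? "gzip (wrong)" : "erf");
    printf("forced raw on b:   %s\n", sniff(b, 8, 3, 1) == KIND_GZIP ? "gzip (wrong)" : "erf");
    return 0;
}
```

The third case is the residual collision that a three-byte comparison cannot rule out on a format with no magic of its own, which is where an explicit override is the only reliable answer.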
05 Mar 2012
Released a new version of BSOD client on Tuesday.
Did some planning with Brendon, thinking about how we're going to bring all the components of the MSI project together into something usable.
Played around with a live libprotoident application, getting it to write results into a postgresql database and an RRD. Postgresql required a fair bit of revision of SQL and database theory. The RRD was much easier to get up and running.
Continued improvements to libprotoident - trying to get that accuracy rate up even further!
28 Feb 2012
A new version of the BSOD client (2.0.2) was released today. This release fixes the bug where particles would continue traveling past the planes instead of stopping. We've also restored movement through the 3D space using WASD which used to be present in the older clients. Now you can easily zoom in on the interesting endpoints on each plane and click on them easily to identify them!
We've built updated binaries for Mac OS X and Windows too. The Windows binary now comes with a proper installer. Both the Mac and Windows binaries are 32-bit, due to the limitations of some libraries we depend upon, but have been tested successfully on 64-bit machines.
A new version of the server was also recently released that fixes a build error on some systems and fixes a bug where input looping was not working correctly.
The new versions of BSOD server and client can be downloaded from here. Any problems or questions should be addressed to contact [at] wand [dot] net [dot] nz
27 Feb 2012
Re-ran my CAA analysis using the updated libprotoident and updated the results in my paper accordingly.
Made a few tweaks to libtcpcsm, based on suggestions from a user. Looking towards rolling out a new release soon.
Set up a build environment for BSOD client on BIGMAC. This took a bit longer than expected due to the move to Xcode 4. Managed to find and fix a bug in libwandevent that was preventing looping input from working properly. Also got the client building and running on tkn as well after a painful Windows 7 + Visual Studio install.
Finished the week by adding WASD movement back into BSOD client and an option to the server that forces it to wait for a client to connect before reading from the input source.
20 Feb 2012
Spent most of my week working on the draft version of the paper on the effect of the CAA on DSL users. Finished the draft on Friday, having included plenty of (hopefully) interesting results. Anyone interested in reading over the paper should get in touch with me and I will give you a copy.
Patched libtrace to support --with-foo configure options for all the optional dependencies. Apparently this is a bit of an issue with some Linux distros, e.g. Gentoo.
Released a new version of BSOD server on Friday to fix a crash issue that was occurring with recent libprotoident releases.
Spent some time looking at traffic that was being classed as SSL by libprotoident. Turns out that, with a bit of port and payload size analysis, I can sub-classify the SSL as Google talk, Apple push notifications, Facebook chat, PSN store, POP3S and NNTPS.
18 May 2011
I have created Trac sites for both the libprotoident and BSOD projects, so it is now possible to file tickets to report bugs or request features for either of these projects through the Trac system, rather than having to contact me directly.
The Trac sites also feature wikis which I intend to use to provide more extensive documentation for these projects, e.g. explanations of the protocols supported by libprotoident. At the moment, this is a work in progress but hopefully will get fleshed out over time.
The BSOD trac: http://wand.net.nz/trac/bsod/
The libprotoident trac: http://wand.net.nz/trac/libprotoident