Thursday, 7 August 2008

Snort progress

One of my tasks now is to identify P2P activity from the tcpdump data collected by using Snort. But somehow, there is a problem where I couldn't get all the alerts from the total data. After rerunning, retrying and all the re.. stuff, I managed to discover that on all occasions Snort actually ignores the discarded frames. That's why the delivered output is not the one expected. Of course we discard the frames during the capturing process, because of the limited storage space. However, I need to find out how to deal with this Snort feature.

Wednesday, 30 July 2008


Today I want to recap my progress after 7 months as a student. According to the plan, I want to do something about P2P in mesh networks. So, the initial task is something to do with ns2 and dataset filtering. But, well, I am really puzzled why these Snort rules cannot detect P2P in 30 minutes of pcap data. I only got 4 alerts from thousands of lines of flows. I think it is because of encrypted payload, which prevents Snort from reading the payload content. I have to check this. If I want to compare with other techniques implemented in other related papers, there are some that can be considered. There are so many, though.. my head is spinning already.
As for ns2, I managed to debug the previous error, but now there is a new error. The error is about "hopCount identifier is not declared". I tried again and again adding a line to declare it, but it doesn't work. I also asked a friend who does Java, so that helps a little since this program is in C and applies object orientation. But it still won't work. Yesterday I emailed its owner once more. Hopefully this time there will be a reply. Still waiting...

Wednesday, 23 July 2008


After falling, I have now found new motivation to start my tasks as a student again. Alhamdulillah. That's just how it goes being a student: down one moment, up the next. Up and down, so to speak.
The task now is to filter P2P from the tcpdump data taken from the Wray network. But it seems the default rules in Snort really cannot capture any P2P. So, I have to create my own rules. But the problem is that the tcpdump data I have is only the first 68 bytes, header size. I don't know whether that is enough information or not. Still under investigation. Another thing, I'm not sure why the TCP output in 5-tuple format in a separate file is not in sync with what is in the tcpdump format. Because according to the 5-tuple, sport 6881 (BitTorrent) can be detected. But once I check in tcpdump, there is nothing that matches the flow. Hmm.. is it me who is wrong, or is the data really incomplete? I've raised it with my supervisor and he says he is checking. There's nothing I can do because it's his data.
And now I am turning to look at ns2. I'm using code from Sbai et al. from this link. At the moment there are still errors. So, I'm working on it. Hopefully it will run after this. This auntie is tired already.
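
What a capture limited to the first 68 bytes leaves for payload matching can be measured from the pcap record headers. The following is an added example, not code from this blog: it builds one constructed packet (a BitTorrent handshake to port 6881; all addresses, ports and field values are invented) and reports how many TCP payload bytes survive truncation. It assumes a little-endian classic pcap file with Ethernet framing.

```python
import struct

BT_SIG = b"\x13BitTorrent protocol"  # first 20 bytes of a BitTorrent handshake

def build_sample_pcap(snaplen=68):
    """Constructed sample: one TCP segment to port 6881, cut to `snaplen` bytes."""
    eth = b"\x00" * 12 + b"\x08\x00"                 # dummy MACs, EtherType IPv4
    payload = BT_SIG + b"\x00" * 8 + b"A" * 40       # 68-byte handshake, dummy hashes
    tcp = struct.pack("!HHIIBBHHH", 50000, 6881, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    frame = eth + ip + tcp + payload
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    rec = struct.pack("<IIII", 0, 0, min(len(frame), snaplen), len(frame))
    return ghdr + rec + frame[:snaplen]

def audit_pcap(data):
    """Per packet: captured vs. original length and TCP payload bytes that survived."""
    magic, = struct.unpack_from("<I", data, 0)
    linktype, = struct.unpack_from("<I", data, 20)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("handles little-endian microsecond Ethernet pcap only")
    off, rows = 24, []
    while off + 16 <= len(data):
        _, _, caplen, origlen = struct.unpack_from("<IIII", data, off)
        frame = data[off + 16: off + 16 + caplen]
        off += 16 + caplen
        row = {"caplen": caplen, "len": origlen, "truncated": caplen < origlen,
               "payload_seen": None, "full_sig": False, "sig_prefix": False}
        # Only Ethernet/IPv4/TCP is decoded; anything else keeps payload_seen=None
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00" and frame[23] == 6:
            tcp_off = 14 + (frame[14] & 0x0F) * 4
            if len(frame) >= tcp_off + 13:
                seen = frame[tcp_off + (frame[tcp_off + 12] >> 4) * 4:]
                row["payload_seen"] = len(seen)
                row["full_sig"] = seen.startswith(BT_SIG)
                row["sig_prefix"] = bool(seen) and BT_SIG.startswith(seen[:len(BT_SIG)])
        rows.append(row)
    return rows

if __name__ == "__main__":
    for snaplen in (68, 65535):
        print(snaplen, audit_pcap(build_sample_pcap(snaplen)))
```

With 12 bytes of TCP timestamp options in the header, the visible payload in a 68-byte capture drops from 14 bytes to 2.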

Tuesday, 15 July 2008

Simulating using ns2

Hmm.. switching to Malay now. Who knows, my supervisor might find this blog and read it. That would be chaos, hihihi. Yesterday passed without me doing anything. I just wanted to let go of the down feeling I was going through. When I got home yesterday, I cooked sweet and sour tilapia fillet. Then I made extra sambal tumis ikan bilis as stock for the week. After all, I have no appetite without something spicy. And I'm too lazy to cook sambal every day. After cooking I sat for a while and waited for hubby to come home. We ate together and then sat in front of the TV. Waiting for Maghrib at 9:42 was too long. So, we watched a movie for a bit. Decided to watch 'Batman Begins'. It's quite a good movie. After part 1, prayed first and put the kids to bed. It was past 11 when we continued with part 2. It finished around 12:10am. I was tired too. I resolved to continue working the next day. So, off to sleep first. zzzz...zzzz
So, today I have to start with a new resolution. Cheer up, weeda. Here my friends call me weeda. After all, I feel a bit too old to use 'weed'. But for friends who are used to weed, I don't mind.
OK. Need to start working with ns2. The other day I tried to simulate P2P in wireless ad hoc using somebody's work, but it did not work. And the person only replied once. It's hard when you want to use someone else's work, isn't it? And I'm not expert enough to build it myself. Anyway, need to start again and find some way to help me out.

Monday, 14 July 2008

Today's Meeting

My first six months' journey in the PhD has just passed by. But I still do not know what exactly I am going to do. Today I felt very upset and my mood is terribly down.
As usual, I have a meeting with my supervisor every Monday morning. Actually, today I was very excited to meet him. However, after I explained all the work that I had done, he said that the data is not enough.. not enough to come up with a concrete solution. uwa..uwa.. He suggested that I use the collected tcpdump data and run it with slightly identical Snort software (L6??) to find out the result. And from that point, apply my method to data collected over the same duration and find out if the result is similar to the one from Snort. But somehow, I need to face it.
So, this week, I will deal with the tcpdump data. And try to look at ns2, as I have left it for more than 2 months. Really need to refresh my memory.

Monday, 30 June 2008

Nerves After 6 Months..

In the blink of an eye.. today is the last day of June 08. This means it has been 6 months since our family settled in the UK. Time passes so quickly. Once it's been 6 months, I start to think, what have I done all this while.. what is it that I've done. It feels like there hasn't been much progress. Even the title is not clear yet. But when I remember the words of my senior "Kak Hanis".. my heart feels a bit relieved. Kak Hanis said the first year is the year of touring the UK, because we will read all the related areas and go round and round in them until we see what to do. Thanks Kak Hanis. She shared so much motivation even though I got to know her for less than 6 months.
Back to the 6-month issue. Today I have a meeting with my supervisor, and one of the main points is the 6-month progress report. I'm really nervous waiting for his response to my progress so far. Will his expectations be met, or exceeded (not likely..), or not reached (auzubillah). May Allah ease everything and grant the best. Amin.. Once I've finished filling in the progress report form, I can send it to the UTeM registrar. One burden off, then I face the Lancaster progress report, plus the review. InsyaAllah in July or August I have to present the 'six months review' to a panel, my supervisor says. Nervous again, I don't know what to present. All the work I'm doing is ongoing, nothing solid to present. Whatever it is, I have to try my best and may Allah grant His guidance.
To friends who are also striving in the pursuit of knowledge, keep up the effort and don't give up. Always remember Allah the One. Allah knows what is best for His servants.


Wednesday, 25 June 2008

First experience in blogging

Salam and hi.

Today is my first day of blogging. Before this I thought that blogging was not easy because the graphics and layout are painful to me. In contrast, it is not, because in several minutes I had already created my own blog. From this blog, I hope that I will get connected to my family and friends out there.
Today is also my hubby's 33rd birthday. So, I need to go back early and cook something special for him. I am planning to bake a cake for him as well.
Till then, need to go back to work.
