Hari ni nak recap progress setakat 7 bulan sbg pelajar. Ikutkan perancangan nak buat something about p2p dlm mesh network. So, initial task is something to do with ns2 and datasets filtering. Tp, tulah, heran betullah naper snort rule ni tak dpt nak detect p2p drpd 30 minit pcap data. cuma dpt 4 alert drpd beriban lines of flow. Rasanya sebab encrypted payload yg menyebabkan snort tak dpt baca content payload tsb. Kenalah chk yg ni. Kalau nak bandingkan teknik lain yg diimplement dlm other related papers, ada yg boleh diambilkira. Byk sgt ler pulak ..pening jugak dah ni.
Pasal ns2 pulak, dptlah debug the previous error, tp ada error barulah pulak. Error nya berkenaan dgn "hopCount identifier is not declared". puaslah tambah line utk declare, tak jalan. tanya jugak kwn sbb dia buat java, so bolehlah sikit2 sbb program ni dlm C dan apply object oriented. Tp still tak mboh. Smlm,email sekali lagi owner nya. Hopefully kali ni berjawab lah. Masih menunggu...
Wednesday 30 July 2008
Wednesday 23 July 2008
Snort..oink..oink..
Sesudah jatuh, sekarang ni dah dpt semangat baru utk memulakan kembali tugas sbg pelajar. Alhamdulillah. Mmglah adat kan jadi student. sekejap down sekejap up. up and down lah kiranya.
Tugas sekrg nak filter P2P drpd tcpdump data yg diambil dr Wray network. Tp nmpknya dr default rule dlm snort mmg tak blh nak capture any P2P. So, kenalah create rule sndri. Tp masalah nya tcpdump yg ada ni cuma first 68 bytes size header. Tak taulah cukup ke idak info nya. Still under investigation. Satu lagi, mcm tak sure kenapa output tcp dlm format 5 tuple in separate file tak synchonous dgn apa yg ada dlm tcpdump format. Sbb klu ikutkan dlm 5 tuple tuh dpt detect sport 6881 (bittorrent). But once check dlm tcpdump, there is nothing match with the flow. Hmm..akukah yg salah or mmg data incomplete. Dah ajukan pd supv dan tgh chk katanya. Tak blh nak buat apa sbb tuh data dia.
And then skrg aku beralih tgk ns2 pulak. Guna pakai code dr Sbai et al. from this link http://planete.inria.fr/personnel/Mohamed_Karim.Sbai/BitTorrent/AdaptedBitTorrent.htm . At the moment still ada error. So, tgh work on it. Hopefully bolehlah run lepas ni. Dah letih lah makcik ni.
Tugas sekrg nak filter P2P drpd tcpdump data yg diambil dr Wray network. Tp nmpknya dr default rule dlm snort mmg tak blh nak capture any P2P. So, kenalah create rule sndri. Tp masalah nya tcpdump yg ada ni cuma first 68 bytes size header. Tak taulah cukup ke idak info nya. Still under investigation. Satu lagi, mcm tak sure kenapa output tcp dlm format 5 tuple in separate file tak synchonous dgn apa yg ada dlm tcpdump format. Sbb klu ikutkan dlm 5 tuple tuh dpt detect sport 6881 (bittorrent). But once check dlm tcpdump, there is nothing match with the flow. Hmm..akukah yg salah or mmg data incomplete. Dah ajukan pd supv dan tgh chk katanya. Tak blh nak buat apa sbb tuh data dia.
And then skrg aku beralih tgk ns2 pulak. Guna pakai code dr Sbai et al. from this link http://planete.inria.fr/personnel/Mohamed_Karim.Sbai/BitTorrent/AdaptedBitTorrent.htm . At the moment still ada error. So, tgh work on it. Hopefully bolehlah run lepas ni. Dah letih lah makcik ni.
Tuesday 15 July 2008
Simulating using ns2
Hmm..tukar bm lah pulak. mana tau kot supv jmpa blog ni and baca. mau haru hihihi. semalam dah berlalu, tanpa aku buat apa2. saja nak lepaskan rasa down yg aku alami. Balik rumah smlm, masak sweet sour talapia filet. Pastu buat sambal tumis ikan bilis lebih2 utk stock seminggu. maklumlah tak selera makan tanpa pedas. nak masak smbl hari2 malas lah pulak. habis masak duk kejap dan tggu hubby balik. makan sama2 pastu duk dpn tv. nak tggu margrib kul 942 lmbt sgt. so, tgk movie jap lah. decide nak tgk 'Batman Begins'. best jugak ye citer ni. lepas part 1 solat dulu, tidurkan anak2. kul 11 lebih jugak smbg part 2. habis dlm 1210am. badan pun dah letih. azam nak smbg buat keja esok. so, tidurlah dulu. zzzz...zzzz
So, hari ni kena mulakan azam baru. cheer up weeda. kat sini kwn2 pggl weeda. maklumlah rasa cam dah tua pulak nak guna 'weed' . tp buat rakan2 yg dah biasa ngan weed, i don't mind.
ok.need to start working with ns2. arituh dah cuba nak simulate p2p dlm wireless adhoc guna somebody's work, tp cannot work. pastuh orgnya pun reply sekali. susah kan klu nak pakai org punya. nak buta sendiri tak expert pulak. anyway, need to start back and find out some way to help me out.
So, hari ni kena mulakan azam baru. cheer up weeda. kat sini kwn2 pggl weeda. maklumlah rasa cam dah tua pulak nak guna 'weed' . tp buat rakan2 yg dah biasa ngan weed, i don't mind.
ok.need to start working with ns2. arituh dah cuba nak simulate p2p dlm wireless adhoc guna somebody's work, tp cannot work. pastuh orgnya pun reply sekali. susah kan klu nak pakai org punya. nak buta sendiri tak expert pulak. anyway, need to start back and find out some way to help me out.
Monday 14 July 2008
Today's Meeting
My 1st six months journey in PhD had just pass by. But still do not know what exactly I am going to do. Today I felt very upsad and my mood is terribly down.
As usual, I have a meeting with supervisor every Monday morning. Actually, today I am very excited to meet him. However, after I explain all works that I had done, he said that the data is not enough..not enough to come out with concrete solution. uwa..uwa..He sugesst me to use tcpdump data collected data and run it with slightly identical snort software (L6??) to find out the result. And from that point, by using my method apply with the same duration of data collected and find out if the result is similar with the one from snort. But somehow, I need to face it.
So, this week, I will deal with tcpdump data. And try to look at ns2 as I had left it for more than 2 months. Really need to refresh my memory.
As usual, I have a meeting with supervisor every Monday morning. Actually, today I am very excited to meet him. However, after I explain all works that I had done, he said that the data is not enough..not enough to come out with concrete solution. uwa..uwa..He sugesst me to use tcpdump data collected data and run it with slightly identical snort software (L6??) to find out the result. And from that point, by using my method apply with the same duration of data collected and find out if the result is similar with the one from snort. But somehow, I need to face it.
So, this week, I will deal with tcpdump data. And try to look at ns2 as I had left it for more than 2 months. Really need to refresh my memory.
Subscribe to:
Posts (Atom)
