The bsod visualisation tool uses the libtrace framework to transform network traffic into a graphical format that can be viewed in real time. Capturing from a live network interface, or from a saved trace file, bsod visualises the flow of network data between hosts, providing (at a glance) information about network usage.
The BSOD webpage is http://research.wand.net.nz/software/visualisation.php
Spent much of my week working on getting BSOD ready to be wheeled out at Open Day once again. During this process, I managed to find and fix a couple of bugs in the server that were now causing nasty crashes. I also tracked down a bug in the client where the UI elements aren't redrawn properly if the window is resized. Normally this hasn't been a big problem, but newer versions of Gnome like to try and silently resize full-screen apps and this meant that our UI was disappearing off the bottom of the screen. As an interim fix, I've disabled resizing in BSOD client but we really should be trying to handle resize events properly.
Received a bug report for libtrace about the compression detection occasionally giving a false positive for uncompressed ERF traces. This is because the ERF header has no identifying 'magic' at the start, so every now and again the first few bytes (where the timestamp is stored) end up matching the bytes we use to identify a gzip header. I've strengthened the gzip check to use an extra byte so the chance of this happening now is 1 in 16 million. I've also added a special URI format called rawerf: so users can force libtrace to treat traces as uncompressed ERF.
Friday was mostly consumed with looking after our displays at Open Day. BSOD continued to impress quite a few people and we were reasonably busy most of the day, so it seemed a worthwhile exercise.
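The gzip false positive on uncompressed ERF traces described above can be reproduced in a few lines. This is an added example, not libtrace's own code: the function names and the URI handling are hypothetical, and it assumes the extra byte checked is the gzip compression-method byte (0x08 for deflate, per RFC 1952), which the report does not specify.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef int (*sniff_fn)(const uint8_t *, size_t);
enum fmt { FMT_ERF_RAW, FMT_GZIP };

/* Weak check: only the two gzip ID bytes (0x1f 0x8b). */
static int looks_gzip_2byte(const uint8_t *buf, size_t len) {
    return len >= 2 && buf[0] == 0x1f && buf[1] == 0x8b;
}

/* Stronger check: ID bytes plus CM == 0x08 (assumed choice of extra byte). */
static int looks_gzip_3byte(const uint8_t *buf, size_t len) {
    return len >= 3 && buf[0] == 0x1f && buf[1] == 0x8b && buf[2] == 0x08;
}

/* An ERF record starts with a 64-bit little-endian timestamp:
 * fractional seconds in the low 32 bits, whole seconds in the high 32. */
static void put_erf_ts(uint8_t *hdr, uint32_t secs, uint32_t frac) {
    uint64_t ts = ((uint64_t)secs << 32) | frac;
    for (int i = 0; i < 8; i++) hdr[i] = (uint8_t)(ts >> (8 * i));
}

/* Sweep every value of the first three timestamp bytes (2^24 constructed
 * headers) and count how many the sniffer mistakes for gzip. */
static uint32_t count_false_positives(sniff_fn sniff) {
    uint8_t hdr[16] = {0};
    uint32_t hits = 0;
    for (uint32_t low = 0; low < (1u << 24); low++) {
        put_erf_ts(hdr, 1300000000u, low);
        hits += (uint32_t)sniff(hdr, sizeof hdr);
    }
    return hits;
}

/* Hypothetical reader selection: a "rawerf:" URI skips sniffing entirely. */
static enum fmt pick_reader(const char *uri, const uint8_t *buf, size_t len) {
    if (strncmp(uri, "rawerf:", 7) == 0) return FMT_ERF_RAW;
    return looks_gzip_3byte(buf, len) ? FMT_GZIP : FMT_ERF_RAW;
}

int main(void) {
    printf("2-byte check: %u of 16777216 ERF headers misdetected\n",
           count_false_positives(looks_gzip_2byte));
    printf("3-byte check: %u of 16777216 ERF headers misdetected\n",
           count_false_positives(looks_gzip_3byte));
    return 0;
}
```

The one header that still passes the 3-byte check is the case the `rawerf:` override exists for.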
Released a new version of BSOD client on Tuesday.
Did some planning with Brendon, thinking about how we're going to bring all the components of the MSI project together into something usable.
Played around with a live libprotoident application, getting it to write results into a PostgreSQL database and an RRD. PostgreSQL required a fair bit of revision of SQL and database theory. The RRD was much easier to get up and running.
Continued improvements to libprotoident - trying to get that accuracy rate up even further!
A new version of the BSOD client (2.0.2) was released today. This release fixes the bug where particles would continue traveling past the planes instead of stopping. We've also restored movement through the 3D space using WASD, which used to be present in the older clients. Now you can easily zoom in on the interesting endpoints on each plane and click on them to identify them!
We've built updated binaries for Mac OS X and Windows too. The Windows binary now comes with a proper installer. Both the Mac and Windows binaries are 32-bit, due to the limitations of some libraries we depend upon, but have been tested successfully on 64-bit machines.
A new version of the server was also recently released that fixes a build error on some systems and fixes a bug where input looping was not working correctly.
The new versions of BSOD server and client can be downloaded from here. Any problems or questions should be addressed to contact [at] wand [dot] net [dot] nz
Re-ran my CAA analysis using the updated libprotoident and updated the results in my paper accordingly.
Made a few tweaks to libtcpcsm, based on suggestions from a user. Looking towards rolling out a new release soon.
Set up a build environment for BSOD client on BIGMAC. This took a bit longer than expected due to the move to Xcode 4. Managed to find and fix a bug in libwandevent that was preventing looping input from working properly. Also got the client building and running on tkn as well after a painful Windows 7 + Visual Studio install.
Finished the week by adding WASD movement back into BSOD client and an option to the server that forces it to wait for a client to connect before reading from the input.
Spent most of my week working on the draft version of the paper on the effect of the CAA on DSL users. Finished the draft on Friday, having included plenty of (hopefully) interesting results. Anyone interested in reading over the paper should get in touch with me and I will give you a copy.
Patched libtrace to support --with-foo configure options for all the optional dependencies. Apparently this is a bit of an issue with some Linux distros, e.g. Gentoo.
Released a new version of BSOD server on Friday to fix a crash issue that was occurring with recent libprotoident releases.
Spent some time looking at traffic that was being classed as SSL by libprotoident. Turns out that, with a bit of port and payload size analysis, I can sub-classify the SSL as Google Talk, Apple push notifications, Facebook chat, PSN store, POP3S and NNTPS.
I have created Trac sites for both the libprotoident and BSOD projects, so it is now possible to file tickets to report bugs or request features for either of these projects through the Trac system, rather than having to contact me directly.
The Trac sites also feature wikis which I intend to use to provide more extensive documentation for these projects, e.g. explanations of the protocols supported by libprotoident. At the moment, this is a work in progress but hopefully will get fleshed out over time.