Monday, April 05, 2010

UDP packets

ok, so all those strange packets are UDP packets. UDP stands for User Datagram Protocol, which really means nothing to me. anyways, UDP can be used for broadcasting information across a network, and from reading a bit about it i get the impression that it's generally kind of messy when compared with TCP. TCP (Transmission Control Protocol) is what is used to build a precise, static file, like a webpage or a file that you save on your computer. so, maybe what i'm seeing on my computer is just content that is broadcast across the entire local network. still, i don't know why that is done, or why it would be done from far away places, but i'll figure it out.

promiscuous mode

was reading about 'promiscuous mode' the other night, but don't remember much about it. might explain some of the mystery traffic, but i think probably not. apparently you can tell your computer to go ahead and accept whatever traffic happens to wash over it, which i totally don't understand, and use this mode to monitor activity that isn't meant for you. but, i don't think my computer is normally promiscuous, so that may not be relevant. my laptop is probably a zombie, receiving secret orders from another zombie in bulgaria. wow! i'll figure it all out later. anyways, drove to connecticut this weekend with jingping, first time ever out of the City into the "new england". it was alright i guess.

Friday, April 02, 2010

hm..

looking at traffic again last night with the MNM, with the explicit internet applications all turned off. over something like a 20 minute period, there were conversations between my computer and maybe ten others from around the world. i checked a few of these addresses; one in bulgaria, one in italy, one in china. each was only a few packets. i didn't save the recording, which i think i'll do from now on, so maybe eventually i can figure out what these things are. is my computer a zombie? are these just scans or searches from computers in faraway places? i must know.

Wednesday, March 31, 2010

ports and NAT

ok, so i've been kind of curious as to what a port is. i still don't really know, but i think it's kind of like an address for a specific function within a computer. a computer has lots of ports. they're not physical things, more like indices for input and output.

anyway, i was reading about network address translation (NAT), and a part of understanding it requires the concept of ports. NAT is where a computer locally has one IP address, but to the rest of the internet it appears to have a different IP address, and possibly the same address as lots of other computers that are on the same local network. this happens because they're all on a private network, say, and they're all using a router to send info out into the internet, and get info back out of it. the router knows all of the computers on the private network by their private IP addresses, and it assigns each of these to a specific port number for its own IP address (the router being just another computer in the network).

so, when a computer on the private network sends a message out into the internet, its private IP address gets changed ('translated') into the IP address of the router plus a specific port number. incoming messages meant for that computer must have the correct port number; basically, for the router, port numbers refer to computers on the private network.

but that's not enough, because each of those computers is using different ports to do different jobs with different targets on the network: one port keeps in touch with the Skype supernode, one port is getting data for a file i'm downloading, and another port is sending the info that i'm typing into this blogger.com window right now. so, actually, the router has to assign a different port number to each port on each computer on the private network; so, for the router, a specific port number will refer to a specific port on a specific computer on the private network.

i'm pretty sure this is all true for the protocols that have to do with sending and receiving files. i still need to learn about protocols, but i think there are also protocols for sending packets to all computers on a network, so maybe you wouldn't need to know their port numbers exactly to do that. not sure.

anyways, there's some stuff about ports.
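
The port translation described in this post, as an added example that is not part of the original blog: a toy router table that gives each (protocol, private address, private port) its own port on the router's single public address, and maps replies back. The class name `Nat`, the starting port 40000 and every address are constructed for illustration.

```python
from itertools import count


class Nat:
    """Toy port-translating NAT: one public IP shared by many private hosts."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._next_port = count(first_port)  # assumption: ports are handed out in order
        self.out = {}    # (proto, private_ip, private_port) -> public_port
        self.back = {}   # (proto, public_port) -> (private_ip, private_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the private network."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            # First packet from this port on this computer: allocate a router port.
            port = next(self._next_port)
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return (proto, self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Rewrite the destination of a packet arriving at the public IP.

        Returns None when no mapping exists: the router has no private
        computer to hand the packet to, so it goes no further.
        """
        target = self.back.get((proto, dst_port))
        if target is None:
            return None
        return (proto, src_ip, src_port, target[0], target[1])


def demo():
    nat = Nat("203.0.113.7")  # constructed public address (documentation range)
    # Two computers use the SAME private port; the router keeps them apart.
    a = nat.outbound("tcp", "192.168.1.10", 51000, "198.51.100.20", 80)
    b = nat.outbound("tcp", "192.168.1.11", 51000, "198.51.100.20", 80)
    # A second port on the first computer gets its own router port too.
    c = nat.outbound("udp", "192.168.1.10", 51001, "198.51.100.30", 3478)
    reply = nat.inbound("tcp", "198.51.100.20", 80, b[2])   # answer to b
    stray = nat.inbound("udp", "198.51.100.99", 4444, 12345)  # nobody asked for this
    return a, b, c, reply, stray


if __name__ == "__main__":
    for row in demo():
        print(row)
```
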