ok, very briefly because it's late.
if i leave the network monitor on for a while, it lists lots and lots of conversations between ARKIV (my computer) and other addresses out there in the world. most of these are UDP packets, but not all. of the ones that are UDP packets, i'm pretty sure that they're all associated with Skype. here is how i know:
the monitor does show when conversations are known to be controlled by a particular process like Skype. so, tonight, i record for a while, and i see two other addresses associated with Skype. one is jingping, i know, because tracert tells me that it's an insight address routed through Atlanta, and i already know that's our service in louisville. the other is somebody in new bedford MA, still in the comcast network. i don't know what that is.
anyways, so i can see jingping's IP address. it also shows up in the 'unknown' associated list of all those UDP conversations, with a different port number, 34268. all the other UDP conversations (most - i didn't look at each one) are also going to port 34268, so i deduce that they must also be associated with Skype.
so, apparently Skype is going to be an internet learning tool for me. it's very mysterious. are these other Skype users, using ARKIV as a waypoint for finding other users? i think that's what a supernode does, but from what i've read supernodes should have many, many more connections. so, i still don't know what this is all about, and skype's operations are kind of trade secrets which are hard to research online. still, i'm sure there's plenty out there for me to figure out.
okay, so there, i learned that i can identify a process by its port number. or, at least, i deduced it. it may be wrong.
Monday, April 19, 2010
Thursday, April 08, 2010
well..
oh man. i haven't learned anything today, except that there's only so far you can take a visual simulation before it breaks. so, i've been measuring thresholds for a simulated observer at different spatial frequencies, for content within photographs which has been thresholded depending on a trial-to-trial staircase. it works pretty well for the images themselves. the original image gets compared with the image containing a thresholded band, and the observer is able to converge at a measure of the threshold over several hundred trials, similar to a human observer.
what i do is this: the original image gets filtered at the frequency in question, and the filtered image (the output of the filter) is thresholded and added back into the original image minus the filtered image. so, we actually have the original image minus the subthreshold content within the filter. if the threshold is zero, these two images are identical, i.e. they are whole, unfiltered photographs. this is the experiment as i originally ran it on myself, trying to find the just-detectable threshold (the threshold-threshold). to do the experiment simulation, the thresholded image then gets filtered again, meaning that the filter picks up the thresholded content along with residual off-frequency content. this is the only reasonable way to get the test content, since 1) that off-frequency content is there in the image and would be seen by the filter, and thus can't be ignored, and 2) the filtered band contains harmonics which wouldn't be seen by the filter.
naturally, i eventually decided to do the same experiment without the complete image; i.e., just measure threshold-thresholds for the content within the filter. i thought this would be straightforward - i just use the filtered image as the 'original', and the thresholded filtered image as the 'test'. but then, i thought, ah, almost screwed up there: the thresholded filtered image should be filtered again, just like in the original experiment. so, you can see the problem. the original content is lifted straight out of the source image, while the thresholded content gets lifted out of the source image and again out of the thresholded image, which means it will be multiplied twice by the filter. so, even if the threshold is zero, the test and original images will be different.
this is a problem. in fact, it must also be a problem in the original experiment. but, the test and original images in the original experiment are the same when the threshold is zero - i assume this is because the off-frequency content amounts to the difference between the filtered and double-filtered content, and adding the filtered content back into the image basically restores the lost content.
i need to think about this.
what i do is this: the original image gets filtered at the frequency in question, and the filtered image (the output of the filter) is thresholded and added back into the original image minus the filtered image. so, we actually have the original image minus the subthreshold content within the filter. if the threshold is zero, these two images are identical, i.e. they are whole, unfiltered photographs. this is the experiment as i originally ran it on myself, trying to find the just-detectable threshold (the threshold-threshold). to do the experiment simulation, the thresholded image then gets filtered again, meaning that the filter picks up the thresholded content along with residual off-frequency content. this is the only reasonable way to get the test content, since 1) that off-frequency content is there in the image and would be seen by the filter, and thus can't be ignored, and 2) the filtered band contains harmonics which wouldn't be seen by the filter.
naturally, i eventually decided to do the same experiment without the complete image; i.e., just measure threshold-thresholds for the content within the filter. i thought this would be straightforward - i just use the filtered image as the 'original', and the thresholded filtered image as the 'test'. but then, i thought, ah, almost screwed up there: the thresholded filtered image should be filtered again, just like in the original experiment. so, you can see the problem. the original content is lifted straight out of the source image, while the thresholded content gets lifted out of the source image and again out of the thresholded image, which means it will be multiplied twice by the filter. so, even if the threshold is zero, the test and original images will be different.
this is a problem. in fact, it must also be a problem in the original experiment. but, the test and original images in the original experiment are the same when the threshold is zero - i assume this is because the off-frequency content amounts to the difference between the filtered and double-filtered content, and adding the filtered content back into the image basically restores the lost content.
i need to think about this.
Monday, April 05, 2010
UDP packets
ok, so all those strange packets are UDP packets. UDP stands for User Datagram Protocol, which really means nothing to me. anyways, UDP can be used for broadcasting information across a network, and from reading a bit about it i get the impression that its generally kind of messy when compared with TCP. TCP (Transmission Control Protocol) is what is used to build a precise, static file, like a webpage or a file that you save on your computer. so, maybe what i'm seeing on my computer is just content that is broadcasted across the entire local network. still, i don't know why that is done, or why it would be done from far away places, but i'll figure it out.
promiscuous mode
was reading about 'promiscuous mode' the other night, but don't remember much about it. might explain some of the mystery traffic, but i think probably not. apparently you can tell your computer to go ahead and accept whatever traffic happens to wash over it, which i totally don't understand, and use this mode to monitor activity that isn't meant for you. but, i don't think my computer is normally promiscuous, so that may not be relevant. my laptop is probably a zombie, receiving secret orders from another zombie in bulgaria. wow! i'll figure it all out later. anyways, drove to connecticut this weekend with jingping, first time ever out of the City into the "new england". it was alright i guess.
Friday, April 02, 2010
hm..
looking at traffic again last night with the MNM, with the explicit internet applications all turned off. over something like a 20 minute period, there were conversations between my computer and maybe ten others from around the world. i checked a few of these addresses; one in bulgaria, one in italy, one in china. each was only a few packets. i didn't save the recording, which i think i'll do from now on, so maybe eventually i can figure out what these things are. is my computer a zombie? are these just scans or searches from computers in faraway places? i must know.
Wednesday, March 31, 2010
ports and NAT
ok, so i've been kind of curious as to what a port is. i still don't really know, but i think it's kind of like an address for a specific function within a computer. a computer has lots of ports. they're not physical things, more like indices for input and output.
anyway, i was reading about network address translation (NAT), and a part of understanding it requires the concept of ports. NAT is where a computer locally has one IP address, but to the rest of the internet it appears to have a different IP address, and possibly the same address as lots of other computers that are on the same local network. this happens because they're all on a private network, say, and they're all using a router to send info out into the internet, and get info back out of it. the router knows all of the computers on the private network by their private IP addresses, and it assigns each of these to a specific port number for its own IP address (the router being just another computer in the network).
so, when a computer on the private network sends a message out into the internet, its private IP address gets changed ('translated') into the IP address of the router plus a specific port number. incoming messages meant for that computer must have the correct port number; basically, for the router, port numbers refer to computers on the private network.
but that's not enough, because each of those computers is using different ports to do different jobs with different targets on the network: one port keeps in touch with the Skype supernode, one port is getting data for a file i'm downloading, and another port is sending the info that i'm typing into this blogger.com window right now. so, actually, the router has to assign a different port number to each port on each computer on the private network; so, for the router, a specific port number will refer to a specific port on a specific computer on the private network.
i'm pretty sure this is all true for the protocols that have to do with sending and receiving files. i still need to learn about protocols, but i think there are also protocols for sending packets to all computers on a network, so maybe you wouldn't need to know their port numbers exactly to do that. not sure.
anyways, there's some stuff about ports.
anyway, i was reading about network address translation (NAT), and a part of understanding it requires the concept of ports. NAT is where a computer locally has one IP address, but to the rest of the internet it appears to have a different IP address, and possibly the same address as lots of other computers that are on the same local network. this happens because they're all on a private network, say, and they're all using a router to send info out into the internet, and get info back out of it. the router knows all of the computers on the private network by their private IP addresses, and it assigns each of these to a specific port number for its own IP address (the router being just another computer in the network).
so, when a computer on the private network sends a message out into the internet, its private IP address gets changed ('translated') into the IP address of the router plus a specific port number. incoming messages meant for that computer must have the correct port number; basically, for the router, port numbers refer to computers on the private network.
but that's not enough, because each of those computers is using different ports to do different jobs with different targets on the network: one port keeps in touch with the Skype supernode, one port is getting data for a file i'm downloading, and another port is sending the info that i'm typing into this blogger.com window right now. so, actually, the router has to assign a different port number to each port on each computer on the private network; so, for the router, a specific port number will refer to a specific port on a specific computer on the private network.
i'm pretty sure this is all true for the protocols that have to do with sending and receiving files. i still need to learn about protocols, but i think there are also protocols for sending packets to all computers on a network, so maybe you wouldn't need to know their port numbers exactly to do that. not sure.
anyways, there's some stuff about ports.
Monday, March 29, 2010
microsoft network monitor
oh, this is even better. i figured there must be programs for watching network activity in real time. i just googled "network monitor", and this was the first thing on the list: "microsoft network monitor". hey! i thought i'd see what it did.
what it does is exactly what i thought it did, and more. it keeps track of all the packets going in and out of the computer over a period of time. it also automatically bins these packets according to 'conversation', which is the set of [origin destination] that describes all of them. so, all the packets i send to jingping through skype fall in one bin, and all the ones she sends to me fall in another bin, for example.
last night i saw a couple of strange addresses communicating with my computer. i had turned off the browser, skype, and the chinese dictionary (which has some sort of homing beacon to beijing in it), but i still saw those packets arriving. where were they coming from? i don't know, except that one origin was in china (ningbo; 'zooz.org') and the other in australia (forgot the city). maybe my computer is a zombie! i will solve this mystery..
now, i need to learn more about packets and protocols.
what it does is exactly what i thought it did, and more. it keeps track of all the packets going in and out of the computer over a period of time. it also automatically bins these packets according to 'conversation', which is the set of [origin destination] that describes all of them. so, all the packets i send to jingping through skype fall in one bin, and all the ones she sends to me fall in another bin, for example.
last night i saw a couple of strange addresses communicating with my computer. i had turned off the browser, skype, and the chinese dictionary (which has some sort of homing beacon to beijing in it), but i still saw those packets arriving. where were they coming from? i don't know, except that one origin was in china (ningbo; 'zooz.org') and the other in australia (forgot the city). maybe my computer is a zombie! i will solve this mystery..
now, i need to learn more about packets and protocols.
Subscribe to:
Posts (Atom)