nmap 1

got a program called nmap, using the windows gui.

i can't really get a port scan to work on another computer. i tried to get jingping to turn off her firewall, but she said it was already off - i guess norton does its own firewall.

still, nmap has other neat functions. you can get it to do traceroute for you, along with other things, and it will hold on to all the data for you. as you do this, it creates a graphic plot of all the addresses you've been querying. if you're doing tracerouts, it plots ip paths, which is fantastic. here's what i did:

still working off the mysteries of Skype, i ran the network monitor for a few minutes, and got a list of those UDP conversations through port 34368. most of these just consist of my computer sending out a single datagram to some other address, with which i may or may not be also involved in a TCP session. a few ms later, i get a UDP back from the target. there were about 15 of these over a 5 minute period. i plugged them all into the nmap and tracerouted them (had to do this one by one, i'm going to have to get a little more sophisticated), and got back a neat plot showing how all these connections are related to me. these other IP addresses were all over the world, China, NZ, Japan, Russia, France, all over. maybe those are the supernodes, and i'm just registering with them by sending a datagram?

the plot is interesting in itself:


you can't read them but the ip address of every node along the route is listed. the maps are dynamic; you can highlight a node and all its children (those further down the route away from the center), change the center node, rotate, etc.

like i said, most of those UDP exchanges were just 2 packets, one out and one response. there were two other things that happened. one was, I sent 2 UDP packets and got back 1 RTP packet, which i think is actually a UDP packet carrying audio/video information. there wasn't anything else associated with that address, though, so i can't guess what that was about.

the other interesting thing was an instance where i sent 3 UDP packets to a certain address, with no response. i actually guessed the reason: they were being sent to jingping's laptop on campus, on the UofL wireless network, where it hasn't actually been connnected since early friday evening: i sent those UDP packets after midnight, more than 7 hours after she had disconnected.

why did this happen? one thing is, i may have left Skype running on the computer in my office, and during the day that was a connection to her laptop on the campus wireless network. or, i may have turned it off - sometimes i forget, usually i don't, but i don't usually remember if i remembered, only if i forgot (strange how that works). at any rate, for some reason, my computer, being connected with my Skype account, thought to check to see if that UofL address was still on, despite the fact that the account it had been associated with was now associated with another IP address. this doesn't make a lot of sense to me. some sort of cleanup work on Skype's part?

mysteries, mysteries.

http://nil.isi.edu/

oh, this is neat!

i saw an ICMP 'echo request' packet! i was in an IRC channel at the time, for the first time in like 10 years, so i thought maybe it was somebody there. but the request actually had a working URL attached, which is in the title of this post (http://nil.isi.edu/). it really was a ping, an automated, scientific ping!

internet is very, very interesting.

portsweeping

this is called portsweeping!

i saw another one, in China (Jinan, Shandong maybe), this one looking into port 6000, which can be used for remote keystroke recording.

somebody just sets up a program to search the internet for computers with vulnerable ports. it's like if someone could go and scan apartments for ones with unlocked doors or open windows - then send in the thieves! amazing!

MS WBT SERVER

watching the net monitor again, with network applications turned off. saw one unassociated address - tracked down to Henan, China. to look this up, i stopped the monitor and opened the web browser. then i started the monitor up again, and right away realized i had failed to check the port number.
luckily (or unluckily) i caught another one. this one was either in Georgia (.ge) or Turkey - i think the service is based in Turkey, but the address was in Georgia.

so, this address exchanged several TCP packets with my computer, none of which seemed to contain anything (i say this only because they had 'payload lengths' of zero - this is not something i have researched yet). they were exchanged through port 3389, which actually carried a label: MS WBT SERVER. what is MS WBT SERVER you ask? this is the port used by the 'Remote Desktop' utility in windows. obviously, this was something in the Caucasus searching for a computer with a somehow vulnerable port 3389.

how to tell if it's vulnerable? maybe if i was using the utility? i don't know. maybe he's watching me type right now, though i think then i'd be able to see him still. it was a total of 8 TCP packets, followed a couple of minutes later by 2 UDP packets.

very interesting!

skype port? broadcasts?

ok, very briefly because it's late.

if i leave the network monitor on for a while, it lists lots and lots of conversations between ARKIV (my computer) and other addresses out there in the world. most of these are UDP packets, but not all. of the ones that are UDP packets, i'm pretty sure that they're all associated with Skype. here is how i know:

the monitor does show when conversations are known to be controlled by a particular process like Skype. so, tonight, i record for a while, and i see two other addresses associated with Skype. one is jingping, i know, because tracert tells me that it's an insight address routed through Atlanta, and i already know that's our service in louisville. the other is somebody in new bedford MA, still in the comcast network. i don't know what that is.

anyways, so i can see jingping's IP address. it also shows up in the 'unknown' associated list of all those UDP conversations, with a different port number, 34268. all the other UDP conversations (most - i didn't look at each one) are also going to port 34268, so i deduce that they must also be associated with Skype.

so, apparently Skype is going to be an internet learning tool for me. it's very mysterious. are these other Skype users, using ARKIV as a waypoint for finding other users? i think that's what a supernode does, but from what i've read supernodes should have many, many more connections. so, i still don't know what this is all about, and skype's operations are kind of trade secrets which are hard to research online. still, i'm sure there's plenty out there for me to figure out.

okay, so there, i learned that i can identify a process by its port number. or, at least, i deduced it. it may be wrong.

well..

oh man. i haven't learned anything today, except that there's only so far you can take a visual simulation before it breaks. so, i've been measuring thresholds for a simulated observer at different spatial frequencies, for content within photographs which has been thresholded depending on a trial-to-trial staircase. it works pretty well for the images themselves. the original image gets compared with the image containing a thresholded band, and the observer is able to converge at a measure of the threshold over several hundred trials, similar to a human observer.

what i do is this: the original image gets filtered at the frequency in question, and the filtered image (the output of the filter) is thresholded and added back into the original image minus the filtered image. so, we actually have the original image minus the subthreshold content within the filter. if the threshold is zero, these two images are identical, i.e. they are whole, unfiltered photographs. this is the experiment as i originally ran it on myself, trying to find the just-detectable threshold (the threshold-threshold). to do the experiment simulation, the thresholded image then gets filtered again, meaning that the filter picks up the thresholded content along with residual off-frequency content. this is the only reasonable way to get the test content, since 1) that off-frequency content is there in the image and would be seen by the filter, and thus can't be ignored, and 2) the filtered band contains harmonics which wouldn't be seen by the filter.

naturally, i eventually decided to do the same experiment without the complete image; i.e., just measure threshold-thresholds for the content within the filter. i thought this would be straightforward - i just use the filtered image as the 'original', and the thresholded filtered image as the 'test'. but then, i thought, ah, almost screwed up there: the thresholded filtered image should be filtered again, just like in the original experiment. so, you can see the problem. the original content is lifted straight out of the source image, while the thresholded content gets lifted out of the source image and again out of the thresholded image, which means it will be multiplied twice by the filter. so, even if the threshold is zero, the test and original images will be different.

this is a problem. in fact, it must also be a problem in the original experiment. but, the test and original images in the original experiment are the same when the threshold is zero - i assume this is because the off-frequency content amounts to the difference between the filtered and double-filtered content, and adding the filtered content back into the image basically restores the lost content.

i need to think about this.

UDP packets

ok, so all those strange packets are UDP packets. UDP stands for User Datagram Protocol, which really means nothing to me. anyways, UDP can be used for broadcasting information across a network, and from reading a bit about it i get the impression that its generally kind of messy when compared with TCP. TCP (Transmission Control Protocol) is what is used to build a precise, static file, like a webpage or a file that you save on your computer. so, maybe what i'm seeing on my computer is just content that is broadcasted across the entire local network. still, i don't know why that is done, or why it would be done from far away places, but i'll figure it out.

promiscuous mode

was reading about 'promiscuous mode' the other night, but don't remember much about it. might explain some of the mystery traffic, but i think probably not. apparently you can tell your computer to go ahead and accept whatever traffic happens to wash over it, which i totally don't understand, and use this mode to monitor activity that isn't meant for you. but, i don't think my computer is normally promiscuous, so that may not be relevant. my laptop is probably a zombie, receiving secret orders from another zombie in bulgaria. wow! i'll figure it all out later. anyways, drove to connecticut this weekend with jingping, first time ever out of the City into the "new england". it was alright i guess.

hm..

looking at traffic again last night with the MNM, with the explicit internet applications all turned off. over something like a 20 minute period, there were conversations between my computer and maybe ten others from around the world. i checked a few of these addresses; one in bulgaria, one in italy, one in china. each was only a few packets. i didn't save the recording, which i think i'll do from now on, so maybe eventually i can figure out what these things are. is my computer a zombie? are these just scans or searches from computers in faraway places? i must know.

ports and NAT

ok, so i've been kind of curious as to what a port is. i still don't really know, but i think it's kind of like an address for a specific function within a computer. a computer has lots of ports. they're not physical things, more like indices for input and output.

anyway, i was reading about network address translation (NAT), and a part of understanding it requires the concept of ports. NAT is where a computer locally has one IP address, but to the rest of the internet it appears to have a different IP address, and possibly the same address as lots of other computers that are on the same local network. this happens because they're all on a private network, say, and they're all using a router to send info out into the internet, and get info back out of it. the router knows all of the computers on the private network by their private IP addresses, and it assigns each of these to a specific port number for its own IP address (the router being just another computer in the network).

so, when a computer on the private network sends a message out into the internet, its private IP address gets changed ('translated') into the IP address of the router plus a specific port number. incoming messages meant for that computer must have the correct port number; basically, for the router, port numbers refer to computers on the private network.

but that's not enough, because each of those computers is using different ports to do different jobs with different targets on the network: one port keeps in touch with the Skype supernode, one port is getting data for a file i'm downloading, and another port is sending the info that i'm typing into this blogger.com window right now. so, actually, the router has to assign a different port number to each port on each computer on the private network; so, for the router, a specific port number will refer to a specific port on a specific computer on the private network.

i'm pretty sure this is all true for the protocols that have to do with sending and receiving files. i still need to learn about protocols, but i think there are also protocols for sending packets to all computers on a network, so maybe you wouldn't need to know their port numbers exactly to do that. not sure.

anyways, there's some stuff about ports.

microsoft network monitor

oh, this is even better. i figured there must be programs for watching network activity in real time. i just googled "network monitor", and this was the first thing on the list: "microsoft network monitor". hey! i thought i'd see what it did.

what it does is exactly what i thought it did, and more. it keeps track of all the packets going in and out of the computer over a period of time. it also automatically bins these packets according to 'conversation', which is the set of [origin destination] that describes all of them. so, all the packets i send to jingping through skype fall in one bin, and all the ones she sends to me fall in another bin, for example.

last night i saw a couple of strange addresses communicating with my computer. i had turned off the browser, skype, and the chinese dictionary (which has some sort of homing beacon to beijing in it), but i still saw those packets arriving. where were they coming from? i don't know, except that one origin was in china (ningbo; 'zooz.org') and the other in australia (forgot the city). maybe my computer is a zombie! i will solve this mystery..

now, i need to learn more about packets and protocols.

netstat

okay, netstat is neat. it shows you a list of all the IP addresses to which your computer is connected by a port. i haven't figured out what exactly a port is yet, but i think it's just like some sort of i/o index for the computer. what's more neat is that if you type netstat -b, it will show you the list along with the applications associated with each. for me, this basically means firefox (chrome boo) or skype.

so, from this i have learned something interesting about skype. if you're just connected to it, you'll see some foreign address that's unfamiliar - i guess it's just like a neutral relay node or something, which you use to connect to other people. if you're currently talking with someone, in chat or phone, you can actually see their address directly. this is why skype is a 'peer-to-peer' service: you connect directly with the other person.

about IP addresses

so i've been reading about how the internet works, since i know absolutely nothing about it. one thing i learned today was that the IP address i see for my computer may not be, or probably isn't, the IP address that the internet sees, since it may just be an address within a private network. specifically, if an address starts with 192.168., it's definitely a local network address, and it doesn't make sense to look for it from across the internet.

so, i know slightly more than nothing now.

生活是婊子（命运多舛），original by Lemmy

不知你是谁
不知你的名
可你若想活
你得学竞争

你为何这里
没看见你脸
你若不想败
你得藏疤痕

让可怜人哭
你生活的路
让可怜人笑
你生活的路

离开时间到
你最好上路
别尖叫
别呼喊
三振就出局
我知很遗憾
没机会看秀
又害怕上司
杀掉告密者
只记住生活是婊子

Mr G's

Ben Gemel was hungry. He stalked past darkened storefronts, stared down a dazed hobo, and stood starkly at the corner of 5th and Elm. Ben Gemel had never been here before. He had only been in this city for a few hours. He looked south down 5th, east on Elm, north up 5th, and west on Elm, looking for some glow that might call out 'food sold here'. It was just after four in the morning. Ben Gemel saw a yellow glow, on a corner two blocks west. He read the letters on the sign, block letters arranged in two lines. "MR G'S DINE IN". A sign in the window said Mr G's opened at 4am. The menu looked reasonable. Ben Gemel started walking.

Ben Gemel had superior visual acuity. When he entered the Service, he was immediately singled out. The staff optometrician determined that his acuity was on the order of 20/2. He could get by fine without binoculars. At night, Ben Gemel could read a menu in a diner window from a thousand feet away. He could recognize a face at 5000 feet. He could do better when both eyes were good.

Approaching Mr G's, Ben Gemel noticed that the sky had cleared. He could see stars, and the approach of sunlight. Venus was over the horizon. Ben Gemel thought of Dalen Rutger. Was he angry? He probably was. It would be hard to keep one's composure, after such a humilation. When Ben Gemel reached Mr G's entrance, he paused. He looked through the round window at the top of the door, and imagined that he saw Dalen Rutger sitting at the counter, staring into his cup of coffee.

Sunk

"Station eight. In the field."

"I don't understand," said Dalen. He yawned, and asked "What do you mean?"

"The field," gasped Vic Hoyle. "Field." Vic's eyes rolled back, and he choked on his last breath. Images, remembered voices, and fragmented thoughts flowed through Vic Hoyle's mind. He made a final effort to piece together what had happened. Dalen's face was still in shadow, and Vic struggled to recognize it. His grip on Dalen's collar relaxed, and released, and his hand fell to his side, arm across his belly. Dalen sighed, and he waited for Vic Hoyle's last paroxysms of thought to dissipate.

"The field," said Dalen. With enormous effort he stood, and looked at the envelope he still held in both hands. He folded it once, along the shorter meridian, pulled open his jacket, and tucked the envelope into a pocket. For a moment he paused, his hand still in the pocket, still gripping the envelope.

From the same pocket he produced a tiny bottle, smaller than any of his fingertips, stopped with an even tinier cork. Inside was a miniscule seed, like a miniature cumin seed, brown with black striations from end to end. Dalen Rutger gazed at the seed, momentarily forgot where he was, that he was on the deck of a sinking ship, in a freezing harbor under a starry sky. Behind him there was a crash, of a crane or some other massive thing toppling into the water, and his reverie was broken.

Dalen placed the bottle back in the pocket with the envelope. He looked at the sky, looked for a familiar star or constellation. He thought about Ben Gemel, and about how he would make him pay for this disaster. He would pay in blood, and in tiny seeds.

From the shore Ben Gemel watched the flames rise from the sinking container ship. He knew that Dalen Rutger would survive, and that they would meet again.

A Train Ride!

(i never published this one for some reason; it's 3-26-12 now, here it goes, dated retroactively)

Vic arrived at work an hour late. He had been watching a stranger in the alley, from what he thought was a safe distance, through unusually heavy morning fog. He had missed his train, and had to wait on the platform with the front-end of the morning rush hour.

During his twenty minute wait, the platform had accumulated between fifty and sixty commuters, people who worked in the city in tall buildings. Most of them were supposed to be at their desks by eight o' clock. Vic was supposed to be at his post, selling tickets to travelers beneath the street at 9th Avenue Station, at seven o' clock.

As he boarded the 7:15 West Blue Regional to 9th Street, he glanced down the platform at all the commuters. Staring back at him from the same distance as he had been staring at the strange fellow in the alley a half hour earlier was the strange fellow himself. Ben Gemel caught Vic's glance and then quickly broke it, and boarded the train. As this is a common experience in public, and as he could not recognize the placid and anonymous face of Ben Gemel, Vic noticed nothing out of the ordinary, and boarded his own train car.

Ben Gemel took a seat in the nearly empty car. Lenape Station was the end of the line for the West Blue Regional, first and last stop. For the next twenty minutes, through six stops across the expanse of West City, the car was filled to capacity. Throughout his trip, Ben Gemel alternated between studying the attire of his fellow travelers and studying the smooth gray spot in the center of the palm of his right hand. At last, when the train came to 9th Street Station, Ben Gemel stood, thrust his hands into his pockets, and flowed out of the train with a third of the other riders.

Vic exited the train at the same moment as Ben Gemel, unknowing, and dodged across the station until he came to a door marked "MTA Personnel Only". He pressed his palm against a flat, black panel mounted next to the door, and pulled the door open. Inside, he was stopped at the security station, presented his credentials, and then rushed to his locker to retrieve his uniform.

Return

Ben Gemel was the figure in the alleyway, the one Vic Hoyle had seen in the morning. Through the fog, Vic could see someone pacing back and forth behind the church. Vic had stopped to watch. He met others in the alleyway sometimes, but when they were nearby, near enough to make eye contact, he never stopped to watch. It would be asking for trouble. But this morning Ben Gemel was far enough from Vic Hoyle that Vic felt safe stopping and watching. The mist added distance, made Vic feel as if he were further from Ben Gemel than he really was. He didn't realize this at the time.

Ben Gemel was looking for something he had thrown out of a window a half hour earlier. He had been meeting with a deacon, had brought something to sell him, and had noticed something interesting on the deacon's desk. A little brass disk, the size of a dime, with a loop on one side as if it were meant to hang on a necklace.

As the deacon rambled on about some righteous thing or another, trying to convince Ben Gemel to lower his price, Ben had concentrated all his mental energies on the brass disk. It was as if there was nothing else in the room! When the deacon stopped talking, Ben Gemel named a price. The deacon paused, smiled, and nodded. Ben Gemel stretched out his arm and opened his hand, palm up, in the space between himself and the deacon. In his palm there was a seed, tiny, tinier than a fennel seed, and heavier than the shoes Ben Gemel was wearing. Ben Gemel smiled a toothy smile at the deacon, and repeated his price.

The deacon crept forward, seemingly repelled by the miniscule object in Ben Gemel's upturned palm. He spoke one word: "Paid". He licked the tip of his index finger with a dry tongue, and pressed the fingertip into Ben Gemel's palm. There was a flash of light and a loud pop, and the deacon was replaced in the room by a pile of green ashes and an aromatic mist. Ben Gemel went to the deacon's desk, to the brass disk, and picked it up. He went to the window, pried it open, and tossed the disk into the alleyway.

Ben Gemel paced in the alleyway, searching for the disk. Vic Hoyle watched him from a smaller distance than was in fact safe or advisable. Ben Gemel knew he was being watched. He saw a glint of metal in a tuft of grimy gray grass, and knelt to have a look. It was his treasure. He picked it up, held it up to his one good eye, and smiled. It was a toothy smile.

Andrew,

I am wondering, how many lectures have you prepared?

How many pages of dissertation have you written lately?

Do you have a job yet?

Are you hungry?

Mystery of the Numerous Forks

Ah..

I hadn't washed dishes in a couple of days, so there was a pile of them in the sink. For one person, I use a lot of dishes every day. There was also a bit of extra silverware left over from the last time I dishwashed, I must have given up before finishing.

Anyways, I noticed what I had noticed last time I washed a pile of leftover dishes at once, that there were a bunch of forks in the sink. This was strange, because I absolutely never eat with a fork. That last time, and this time, I stood there wondering, where are these forks coming from? I thought about everything I ate, at different times of day, weekdays or weekends, and none of them involve a fork. I use spoons or chopsticks. Never forks.

So, I gave up thinking about it, just couldn't figure it out. I even fantasized that maybe it was a signal from someone, someone who had been sneaking into my apartment when I wasn't there, or when I was asleep. They might be trying to frighten me by doing otherwise unexplainable things. But, I figured that now I was sensitized to fork use, and the next time one came up, I would be sure to notice, and the problem would be solved.

This morning I go to pack my lunch, getting covered bowls of leftovers from the refrigerator and scraping selections into my lunch container. Sure enough, I used a fork, and then I tossed it into the sink.

Problem solved, life can continue now.