After reading an article about network monitoring with ngrep at Newsforge, I developed an interest in libpcap, a portable network packet sniffing library originally designed by LBL.
Packet sniffing is useful for a wide variety of tasks, particularly reverse engineering network protocols and spying on local network users. I found some Ruby bindings and started messing around. My first goal was to write a small network sniffer that would display http GET requests transmitted by any system on the network. I monitored packets transmitted by Firefox GET requests and managed to build a filter capable of extracting them. The filter also appears to work with Safari, and to a very limited extent, with IE, which appears to use a slightly different format for the requests.
Once I had basic GET filtering figured out, I decided to construct a system that would simplify filter extension. My PacketSniffer class allows me to add filters using pcap filtering strings and anonymous functions. The end result is a pseudo-language for network sniffing. Filter definitions look like this:
ps.filter 'tcp and dst port 80', proc {|pk|
  # Match the request line and the Host header of a cleartext HTTP request.
  # Non-greedy (.*?) keeps the path capture from running past the first
  # "HTTP" when a single payload carries more than one request.
  if pk.tcp_data =~ /GET(.*?)HTTP.*?Host:([^\r\n]*)/xm
    puts "(->) <#{pk.src}> http://#{$2.strip}#{$1.strip}"
  end
}
The first argument of the filter method is the pcap filter string, 'tcp and dst port 80', which, in this case, tells libpcap to filter all tcp packets sent to port 80 of a remote server. The second argument of the filter method is an anonymous function that will be called every time libpcap receives a packet that meets the constraints of the filter string.
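As an added illustration (not the post's own PacketSniffer script or its Ruby pcap bindings), the Ruby below reproduces the filter-string-plus-callback shape and the GET extraction against constructed TCP payloads instead of a live libpcap capture. It also handles two cases a single greedy regex gets wrong: several pipelined requests in one payload, and a request with no Host header. FilterTable, Packet and extract_get_urls are names assumed here, and only the "dst port N" part of the pcap string is interpreted.

```ruby
# Stand-in for a captured packet: source address, destination port and
# the TCP payload. With real libpcap these come from the capture library.
Packet = Struct.new(:src, :dst_port, :tcp_data)

class FilterTable
  def initialize
    @filters = []
  end

  # Same shape as `ps.filter <pcap string>, proc` in the post. Assumption:
  # only the "dst port N" predicate is evaluated here; a real sniffer hands
  # the whole string to libpcap, which compiles it into a BPF program.
  def filter(pcap_string, callback)
    port = pcap_string[/dst port (\d+)/, 1]
    raise ArgumentError, "unsupported filter: #{pcap_string}" unless port
    @filters << [port.to_i, callback]
  end

  # Hand a packet to every callback whose port predicate matches.
  def dispatch(pk)
    @filters.each { |port, cb| cb.call(pk) if pk.dst_port == port }
  end
end

# One match per request line; the second group collects the header lines
# up to the blank line, so a request without a Host header does not borrow
# the host of the request that follows it in the same payload.
REQUEST_RE = /^GET[ \t]+(\S+)[ \t]+HTTP\/\d\.\d\r?\n((?:[^\r\n]+(?:\r?\n|\z))*)/

def extract_get_urls(tcp_data)
  tcp_data.scan(REQUEST_RE).map do |path, headers|
    host = headers[/^Host:[ \t]*([^\r\n]+)/i, 1]
    "http://#{host.strip}#{path}" if host
  end.compact
end

# Constructed sample payload: three pipelined requests, the middle one
# lacking a Host header.
SAMPLE = "GET /index.html HTTP/1.1\r\nHost: example.test\r\nUser-Agent: x\r\n\r\n" \
         "GET /nohost HTTP/1.0\r\n\r\n" \
         "GET /img/a.png HTTP/1.1\r\nHost: cdn.example.test\r\n\r\n"

def demo
  seen = []
  table = FilterTable.new
  table.filter 'tcp and dst port 80', proc { |pk|
    extract_get_urls(pk.tcp_data).each { |u| seen << "(->) <#{pk.src}> #{u}" }
  }
  table.dispatch(Packet.new('10.0.0.5', 80, SAMPLE))
  table.dispatch(Packet.new('10.0.0.5', 443, SAMPLE)) # port 443: not matched
  seen
end
```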
Next, I wanted to make an AIM message sniffer. Intercepting AIM packets is really not that difficult, it's just a matter of figuring out which port AIM uses (5190) and building pcap filter strings to grab packets sent to or received from that port. Parsing the packets OTOH is a pain in the ass. The OSCAR protocol is an insane mess and there are a lot of inconsistencies between various implementations. My aim_msg_parse function is really kludgy, but it is now capable of extracting the AIM SN of the user sending the message as well as the message itself.
The current version of my script works relatively well. In tests on my own network, it was capable of intercepting AIM and GET packets from OS X, Windows and Linux systems. If you want to try it out yourself, you will need my script, libpcap, and the ruby bindings. On Linux systems, you must run the script as root. I have not run it on a Windows system, but with a Windows port of libpcap, it might work.
Tags: ruby, programming, pcap, oscar
Posted on 2005-07-23
Ainalda and I did a software upgrade on the server today. This is our first upgrade since the Sarge roll-over. I am pleased to report that, to my knowledge, nothing is broken. If you notice any abnormalities, please let me know via e-mail. While I was tweaking the server, I took the opportunity to fix my Moot interface script so that my
I'm starting to get frustrated with the structural fallibilities of MoinMoin. Ainalda and I are both eager to develop a new Wiki system that will use an SVN back-end. Unfortunately, there are a number of issues that complicate CGI SVN access. We have discovered that local repository access from any user other than www-data will alter permissions and make the repository inaccessible.
We have looked at several systems that externally interface with a local SVN repository, and most of them are pretty convoluted. WebSVN is a PHP CGI system that provides a quality HTML interface for repository browsing. It uses a wrapper that sits on top of the svnlook command line utility, which is a really nasty hack. I started looking at other solutions, namely Trac, a Wiki, repository browser, and bug tracking system that integrates with SVN via Python. They use the official SVN Python bindings, which are the grotesque result of a failed Swig experiment.
Although no documentation is available for the SVN Python bindings, I did manage to find some semi-useful examples at Koders. Using those examples and some interactive Python pounding, I managed to produce a Python script that, when run as www-data, will display the requested file from a particular revision of the repository.
Tags: python, programming, subversion
Posted on 2005-07-11
Parrot 0.2.2 has been released! Parrot is a versatile virtual machine for dynamic languages. Though originally designed for Perl 6, its power and flexibility have generated a lot of interest in the language development community. Parrot is distributed with a number of sample compiler implementations at varying stages of completion, including partial compilers for common languages like lisp, scheme, tcl and python.
The latest release features grammar and rule support in PGE, the Parrot Grammar Engine. Parrot also comes with utilities that convert PIR (Parrot Intermediate Representation) and PASM (Parrot Assembly) into PBC (Parrot bytecode). Those who are interested in learning how to implement languages for Parrot should start with the documentation. You may also be interested in my own (extremely weak) attempt at implementing PIR generators in Haskell and Ocaml.
I posted a blurb about it at LTU and got pretty decent response. A Pugs developer contacted me and invited me to contribute to his project. Pugs is a compiler that converts Perl 6 code into PIL and PIR. Apparently, the Pirate (Python-on-Parrot) people have a Google SOC participant working on a universal, generic AST layer, potentially with an S-Expression syntax. The Pirate and Pugs developers are now collaborating, with the intention of using a unified AST layer.
Tags: parrot, programming
Posted on 2005-07-09
I am currently working on designing an article management system to help me keep track of things. Unfortunately, progress has been slow. It took me a long time to pick a suitable back-end. At first, I wanted to use an XML serialization mechanism to store the data, but my experiments indicated that an XML solution would place severe limitations on scalability. After that, I began to look at databases.
SQLite was the obvious solution, but it has a lot of limitations that bother me. I also took a look at Metakit, an object oriented database library made by Equi4. Metakit is a good library, but I strongly dislike its Python API, and its lack of a true query system conflicts with the user interface paradigm that I want to implement. My final conclusion is that SQLite is best suited for the task.
I recently discovered that MozStorage, the Mozilla framework's next generation data storage system, will utilize SQLite. MozStorage will be used for Firefox's much needed new bookmark system. The current bookmark system has a vast number of deficiencies, and I ardently welcome improvements that will make it easier for me to manage and search my 900+ bookmarks.
Tags: python, programming
Posted on 2005-07-08