Weekly Report -- 02/11/2012




Short week this week.

Managed to add a couple more protocols to libprotoident: SUPL and Cryptic (an MMO game company). Spent a lot of time still trying to hunt down the particular Korean P2P application that I'm seeing a lot of in my data, but no success. Nonetheless, I've written a rule for it and added it to our set of "mystery" protocols.

Started looking over our old libprotoident technical report with an eye to submitting it for publication again. There are a few problems with this approach though:

1) OpenDPI doesn't exist anymore. A fork called nDPI lives on, but I'll need to re-run all the validation/comparison tests using nDPI.
2) nDPI uses all the same function and variable names as PACE so these had to be all renamed to prevent horrible linking errors when building / running my comparison program, which links against both libraries.
3) The Auckland monitor that has the only copy of the full-payload traces I had used for part of the original validation is no longer responsive.