SYNOPSIS

use Devel::Peek;
Dump( $a );
Dump( $a, 5 );
DumpArray( 5, $a, $b, ... );
mstat "Point 5";

Devel::Peek contains functions which allows raw Perl datatypes to be manipulated from a Perl script. This is used by those who do XS programming to check that the data they are sending from C to Perl looks as they think it should look. The trick, then, is to know what the raw datatype is supposed to look like when it gets to Perl. This document offers some tips and hints to describe good and bad raw data.

It is very possible that this document will fall far short of being useful to the casual reader. The reader is expected to understand the material in the first few sections of perlguts.

Devel::Peek supplies a Dump() function which can dump a raw Perl datatype, and mstat("marker") function to report on memory usage (if perl is compiled with corresponding option). The function DeadCode() provides statistics on the data "frozen" into inactive CV. Devel::Peek also supplies SvREFCNT(), SvREFCNT_inc(), and SvREFCNT_dec() which can query, increment, and decrement reference counts on SVs. This document will take a passive, and safe, approach to data debugging and for that it will describe only the Dump() function.

Function DumpArray() allows dumping of multiple values (useful when you need to analize returns of functions).

The global variable $Devel::Peek::pv_limit can be set to limit the number of character printed in various string values. Setting it to 0 means no limit.

POE::API::Peek is a Perl module to peek into the internals of a running POE environment.

POE::API::Peek extends the POE::Kernel interface to provide clean access to Kernel internals in a cross-version compatible manner. Other calculated data is also available.

My intention is to provide massive amounts of internal data for use in POE debugging.

WARNING

This version of this module is certified against POE version 0.38 and above. It will fail on any other POE version.

Further, this module requires perl v5.6.1 or above.

METHODS

new

my $api = POE::API::Peek->new();

Returns a blessed reference. Takes no parameters.

id

my $foo = $api->id();

Obtain the unique id for the kernel. Takes no parameters. Returns a scalar containing a string.

KERNEL UTILITIES

is_kernel_running
if($api->is_kernel_running) {
# do stuff...
}

Tell if the POE Kernel is running and active. Returns 1 if the Kernel is running and 0 if it is not.

active_event
my $event = $api->active_event();

Get the active event name. Returns a string containing the event name.

kernel_memory_size
my $size = $api->kernel_memory_size();

Get the memory footprint of the kernel and consequently the entire POE environment. See the Devel::Size documentation for several caveats involved in this metric.

event_list
my $events = $api->event_list();

Gets the list of events for the whole POE environment. Returns a hash with the session IDs as the keys and a list of events as the values.

which_loop
my $loop_name = $api->which_loop();

Tell which Loop POE has decided to use. Returns the string name of the Loop module.

Peek-A-Boo project is a PHP script that obtains and displays images that random LiveJournal users are currently uploading to their accounts, worldwide, at any given moment.

Traffic Prioritizer is designed to run on a Linux router and prioritize users traffic by their bandwidth consumption.

It is aimed to shape the "bandwidth greedy" clients (P2P, YouTube, IPTV, etc.) so that the ones who are just browsing do not lack bandwidth.

Air Traffic Controller project is an air traffic controller simulation.

Airtraffic is a game/simulator that puts you into an air traffic controllers hotseat. Planes come into your airspace from various directions and you have to guide them safely to their destinations. It uses Python, Corba, and GTK.

Statistical Traffic Analysis Kit is a set of command-line traffic analysis tools, designed to help a network administrator to see what is happening at a router at the moment.

Unlike tcpdump (1), the stak set uses statistical and stream-oriented methods, and will rarely produce an output stream at a speed beyond human perception. The output is less accurate.

The kit consists of five different utilities, designed to perform the following tasks:
estimating overall traffic rates (stakrate),
determining network nodes generating the highest traffic (stakhosts)
monitoring the amount of traffic exchanged with particular autonomous
systems (stakasta),
extracting strings from packets (stakextract),
determining connections and flows generating the highest traffic
(stakstreams, experimental),

Network Traffic Analyzer analyzes the network traffic on multiple network devices and creates HTML statistics with some network usage graphs. Sometimes it is good to know, how the network is used, how many bytes were received and how many bytes were sent.Therefore, here is Network Traffic Analyzer, which creates simple network usage statistics.


Such statistics can tell you, how good your network connection really is (who cares about what Internet provider say, when was the network down, which time is the best time for downloading large packages of data etc. etc. Or with this software you can just better imagine, how many traffic can your home computer generate.

This is a traffic generator. It is used to check what massive amounts of traffic of certain type will do to an intervening network.

It does not try to measure throughput or response times. It has been made with the question in mind: If 100 clients does simultaneous TCP transfers for 2 days, will my router break? Or can I configure my firewall while 50 people are doing large TCP transfers through the device?

IP Traffic Meter is a traffic counter for IPv4 addresses. It uses the DB4 database from Berkeley to keep its counters, the pcap library for monitoring, and the gd library from Boutel to create graphics. The results are displayed in JPEG graphics on an HTML webpage.

Whats New in This Release:

· With ipmeter you can monitor the traffic made by some IPs. It produces daily, weekly, monthly and yearly statistics into jpg graphics. It uses db4 database from Berkeley to keep its internal counters, and gd library from Boutell to create jpg graphic.

Network Traffic Analyser provides a script-driven network traffic monitor.

Network Traffic Analyser (formerly known as sniffer) is designed to be an extremely powerful, configurable, and versatile tool for monitoring network traffic.

It can be used as a plain sniffer, as a tool for accounting, dynamic firewall updates, and many more things.

It features scripting support and an event-driven architecture.

The idea behind this project is to create a powerful tool for playing around with network traffic. The basic concepts are simplicity and flexibility. Instead of building tool that does something specific (and does a good job at it), were trying to build a tool that will be able to do whatever you want it to do (and still be good at it :).

To put it very simply, you write a script that will be invoked for every packet that passes through your network. You write your scripts in a Tcl, fully blown, interpreted programming language. That fact guaranties that you wont be constrained in your creativity.

Useful Traffic Accounting Dragon is a traffic accounter that actually gives useful information about traffic instead of stupidly counting incoming/outgoing packets.

Dragon accounts traffic by user, program and timestamp and puts this information into useful correlation.

Dragon is implemented as a Perl script for the backend, using /etc/passwd to automatically get information about user accounts, /proc/net/ to get information about open connections and /proc/ to get information about running processes and which processes currently use which network connection.

All this information can be combined so you can actually see what user caused which traffic using what program and when it happened.

All this information is acquired automatically so the minimal configuration necessary is to tell dragon where it can find its MySQL database.

Whats New in This Release:

Features:
· cleanup on CTRL-C
· add patch for Linux Kernel 2.6.17.7
· for now, graphs are disabled in the webfrontend
· webfrontend has now Total, User and Program tabs

Bugfixes:
· forgot to close a filedescriptor fixed
· use leading zeroes on port numbers in messages about connections that no longer exist
· really fix wait for next minute

Python Traffic Analyzer is a Python base class and sample driver script written to retrieve and manipulate images from the TrafficLand cameras and calculate a numeric value representing the current traffic flow.

PyTrAn, an example driver script, an image collector and an image mask creator are available for download from the link shown at the bottom. To use the PyTrAn package begin by choosing a camera that you wish to analyze, for this example well use the camera captioned above.

We want to construct a mask over the area of the image that we are interested in, namely the road. In this particular example the road takes up the majority of the image but that is not always the case.

We will apply the mask over captured images to fine tune the area over which we are looking for movement. To create the mask we will first need to collect a sequential series of snapshots from the target camera. The image_collector.py script was written for this task:

$ mkdir mask_200003
$ cd mask_200003
$ ../image_collector.py 200003 30
Collecting 30 images...
30

Done.

The script is hard coded to capture images on a 2-second delay. The delay is necessary to ensure the image has changed. I believe 2-seconds to be the absolute minimum. Once complete, 30 images numbered 1 through 30 will be created in the current directory.

We construct a mask from these captured images by creating a diff-image for each sequential image pair and then adding each diff-image together. Naturally, a script was written to automate this task as well:

$ ../mask_maker.py 1 30
Creating a diff for each sequential image pair.
Diffing 29

Creating the initial mask from the first image pair.

Adding the rest of the diffs to the mask.
Masking 29

Done.

A number of .diff files are generated in this process. These files repesent the movement between individual sequence pairs.

The .diff files are simply intermediary files, the important bit is the mask file, which is generated as the sum of all differences.

The mask file may be dirty (as in this case) and require manual cleanup. The basic shape of the road however is clearly visible, evidence that we can with minimal effort automate the mask generation process. Also, this run was conducted at night, day-time images yield better results.

There are a few final steps we need to take before we can use the example PyTrAn driver script. First we need to convert the mask to ASCII (noraw) format:

$ pnmnoraw mask > mask_200003.ascii

Then we need to open an ImageMagick display window and get its X-window-ID using xwininfo. Finally, update camera_id and window_id in pytran_sampling.py and launch the driver:

$ ../pytran_sampling.py
DEBUG> grabbing frame from camera 200003
DEBUG> rotating image: pytran.this > pytran.last
DEBUG> refreshing image in 3 secs
taking a 5 minute sample at various thresholds.
DEBUG> grabbing frame from camera 200003
DEBUG> generating frame diff on pytran.last, pytran.this
DEBUG> displaying image: pytran.diff
DEBUG> converting pytran.diff to ascii
DEBUG> calculating traffic ratio...
ratio[5]: 55%
DEBUG> calculating traffic ratio...
ratio[10]: 52%
...
...
5 minute sample[5]: 67.88
5 minute sample[10]: 42.66
5 minute sample[15]: 30.57
5 minute sample[20]: 23.03
5 minute sample[25]: 18.39
5 minute sample[30]: 14.79
5 minute sample[35]: 12.42
5 minute sample[40]: 10.53
5 minute sample[45]: 9.06
5 minute sample[50]: 7.85

The sampling script will take 5 minute samples at varying color thresholds. The optimal threshold must be manually chosen. Furthermore, you will need to sample the traffic ratios during both heavy and light traffic times to get a good feel for your acceptable range. Also, keep in mind that the traffic ratio value is simply the percent change detected, or in other words the movement detected within the masked region. This means that a completely empty road will register similar values to a road so congested it looks like a parking lot. The time of day can be combined with the traffic ration to determine the logical truth.

With this task implemented and abstracted more complex systems can be built. When I find the time Id like to create a system that will take multiple potential travel routes and times, and during the travel time e-mail the traveler with the best route to take. Another idea I had would be to record the traffic flow values for each camera, for each day and for each half hour interval. Travelers and other interested parties can then analyze traffic patterns to determine the fastest route dependant on date/time.

Simple PHP Internet Traffic Shaping in short SPITS, is a PHP Web Interface for managing traffic control queueing disciplines (qdiscs) and classes. Iptables rules are used in order to classify the packets. It currently only supports few qdiscs and iptables rules with few matches.

Traffic Control Super Script implements traffic shaping for IP traffic passing through a NAT/bridge box with a single configuration file with one line per host.

Traffic Control Super Script can manage bandwidth to user-specified speeds based on the u32 classifier, and can identify traffic by source, destination, source and destination port, protocol, and ToS field. It then limits the rate of connection in either a single or a bidirectional fashion.

Whats New in This Release:

· This release adds multiple interface support.
· It adds an option to choose between flat file and MySQL rules databases.
· It fixes bug #1469742 (duplicate group breaking child / parent relationships when direction=bi on group definitions).
· Various minor bugs have been fixed.
· There are major code cleanups, and major documentation updates on the Web site.

Traffic Control - Next Generation (tcng) is a revision of the Linux network traffic control infrastructure that aims to make the configuration language less cryptic, and provide better interfaces for software and hardware accelerators.

The goal of this project is to revise the network traffic control infrastructure of Linux to overcome shortcomings of the existing architecture, and to make it more extensible.

In particular, we try to resolve the following issues that are present in other similar programs:

Create a more user-friendly configuration language
Provide interfaces for straightforward interaction with network management
Allow seamless integration of hardware accelerators

The code consists of two major components, the traffic control compiler tcng and the traffic control simulator tcsim. Both are described in some more detail below. Since tcng and tcsim share many support files (e.g. the whole regression test system), they are both contained in a single package, called tcng.

This site contains the source code and information directly related to tcng. Pointers to sites with information on traffic control in general can be found in the links section below.
This project started at the beginning of 2001 at EPFL ICA, continued until mid-2002 at Bivio Networks (tm), and has now become one of my spare time activities.

Whats New in This Release:

· the "mtu" parameter in TBF is now optional
· tcsim now uses KVERSION[NUM] instead of KFULLVERSION[NUM] to avoid breaking if EXTRAVERSION contains multiple dots or other surprises (reported by Eduardo Grosclaude)
· scripts/runtests.sh now runs commands with LANG=C, to avoid localized error messages (reported by Eduardo Grosclaude)

fl0p provides a passive OS fingerprinting tool.

fl0p is a passive L7 flow fingerprinter that examines TCP/UDP/ICMP packet sequences, can peek into cryptographic tunnels, can tell human beings and robots apart, and performs a couple of other infosec-related tricks.

This approach differs from the techniques used by most other passive
sniffers and mappers, and is advantageous in several interesting ways:

- General flow behavior remains largely unchanged regardless of whether
cryptographic tunnels or other obfuscation techniques are used. As
such, backdoors or firewall evasion techniques that for example
use SSL on port 443, can be told apart from browser traffic, and
further investigated.

- General insight into legitimate encrypted sessions can be gained; for
example, it is possible to remotely tell successful and failed SSH
authentication attempts apart, and react accordingly.

- Human actions can be told apart from automated efforts: it is possible
to ignore SMTP client programs, but single out humans manually
interacting with the server on port 25; similarly, automated SSH
login attempts can be told apart from human actions.

Whats New in This Release:

· Chained signature support added.
· SMTP signatures

fl0p is a passive L7 flow fingerprinter that examines TCP/UDP/ICMP packet sequences.

It can also can peek into cryptographic tunnels, can tell human beings and robots apart, and performs a couple of other infosec-related tricks.

This approach differs from the techniques used by most other passive sniffers and mappers, and is advantageous in several interesting ways:

- General flow behavior remains largely unchanged regardless of whether cryptographic tunnels or other obfuscation techniques are used. As such, backdoors or firewall evasion techniques that for example use SSL on port 443, can be told apart from browser traffic, and further investigated.

- General insight into legitimate encrypted sessions can be gained; for example, it is possible to remotely tell successful and failed SSH authentication attempts apart, and react accordingly.

- Human actions can be told apart from automated efforts: it is possible to ignore SMTP client programs, but single out humans manually interacting with the server on port 25; similarly, automated SSH login attempts can be told apart from human actions.

Term::TtyRec::Player is a Perl module that playbacks ttyrec data.

SYNOPSIS

use Term::TtyRec::Player;
use FileHandle;

# $handle is any IO::* object
my $handle = FileHandle->new(file.tty);
my $player = Term::TtyRec::Player->new($handle);

# options can be set as hashref
my $player = Term::TtyRec::Player->new($handle, {
speed => 1, nowait => undef,
});

Term::TtyRec::Player playbacks ttyrec recorded data. See pttyplay and Term::TtyRec for details about ttyrec.

METHODS

new

$player = Term::TtyRec::Player->new($handle, %attr);

constructs new Term::TtyRec::Player instance.

play

$player->play();

Plays recorded data on your terminal.

peek

$player->peek();

Plays live-recoded data to your terminal. This method implements ttyplay -p option.

hearnet is a simple granular synthesizer driven by your incoming network traffic.

SuperShaper-SOHO is a traffic shaping setup for DSL connections which prioritizes VoIP and interactive traffic and makes sure P2P traffic doesnt saturate your uplink.
IPCop 1.3 and newer is known to work and is the preferred deployment setup. Firstly, be sure to disable the integrated traffic shaper in IPCop 1.4 if you use SuperShaper-SOHO.