Thursday, July 22, 2010

What does Analyzer do?

Analyzer is not a simple network sniffer. Here is a brief summary of what it can do.

Network Sniffer
Analyzer can capture (and display) packets on both the local machine and remote probes, thanks to the full support of the Remote Capture functionality of WinPcap.
Additionally, one of its most valuable features is the ability to parse network packets according to protocol descriptions contained in external files, which the user can modify at run-time. These files are written in the new NetPDL language; if you are interested in that, please read the Protocol Dissectors Section.
Advanced sniffing capabilities
Thanks to its full support of the WinPcap remote capture capabilities, Analyzer is able to display packets currently being captured on another (remote) host. This can be done even if the remote host is behind a firewall, thanks to the support of Active Mode remote capture. Analyzer also supports sampling in order to reduce the amount of traffic generated by the remote host toward Analyzer. Sampling is also available when capturing from a local interface.
End-to-end Reachability Monitor
Analyzer can monitor the reachability of remote hosts (through a set of ICMP ECHO, aka PING, packets), saving data into a database and computing additional statistics. The user can later retrieve historical data to see how the reachability of a host changed over time.
Additionally, the user can set an alarm (e.g. "send an e-mail") in case of some event (e.g. "host down").
Local Network Host Monitor
Analyzer can discover the active stations on your local network and display their MAC, IPv4 and IPv6 addresses, and their canonical names.
This module can monitor the availability of the stations and signal whether a host is up, is down, and so on. Furthermore, it can detect address spoofing (e.g. when the same IPv4/IPv6 address appears to be bound to more than one MAC address).
Additionally, the user can set an alarm (e.g. "send an e-mail") in case of some event (e.g. "possible spoofing").
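
The spoofing check described above (one IPv4/IPv6 address seen bound to more than one MAC address), as an added example that is not Analyzer's own code. The observation list is constructed, and the function names `normalize_mac` and `find_conflicts` are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample observations: (timestamp, IP address, MAC address), as a
# host monitor might collect them from ARP replies and IPv6 neighbor adverts.
OBSERVATIONS = [
    (100, "192.0.2.10", "00:11:22:33:44:55"),
    (105, "192.0.2.11", "00-11-22-33-44-66"),
    (130, "192.0.2.10", "0011.2233.4455"),         # same MAC, other notation
    (160, "192.0.2.10", "de:ad:be:ef:00:01"),      # second MAC for this IP
    (170, "2001:db8::1", "00:11:22:33:44:77"),
    (190, "2001:0DB8:0:0:0:0:0:1", "00:11:22:33:44:88"),  # same IPv6, long form
]


def normalize_mac(mac):
    """Reduce any common MAC notation to lowercase colon-separated form."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def find_conflicts(observations):
    """Return {ip: [(first_seen, mac), ...]} for IPs bound to more than one MAC."""
    bindings = defaultdict(dict)    # ip -> {mac: first_seen timestamp}
    for ts, ip, mac in sorted(observations):
        ip = str(ipaddress.ip_address(ip))    # canonical text form, v4 and v6
        bindings[ip].setdefault(normalize_mac(mac), ts)
    return {
        ip: sorted((ts, mac) for mac, ts in macs.items())
        for ip, macs in bindings.items()
        if len(macs) > 1
    }


if __name__ == "__main__":
    for ip, history in find_conflicts(OBSERVATIONS).items():
        print(f"possible spoofing: {ip} claimed by {[m for _, m in history]}")
```

Without the address normalization, the two notations of one MAC would raise a false conflict and the two spellings of one IPv6 address would hide a real one. A second MAC can also be legitimate (a replaced network card, a failover pair), which is why the event is reported as "possible spoofing".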
Network Sessions Logger
Analyzer can monitor the presence of TCP/UDP/ICMP "sessions" over the network, saving a database record for each session detected within a time frame. A summary of the session is then saved into a database for later processing.
Network Data Mining
Analyzer is able to apply Data Mining techniques to the database of sessions created with the Network Sessions Logger (NetLogger). This module is able to find relevant relationships in the data which may be unexpected, and it can give an insight into what the network looks like (e.g. which are the servers, which are the clients, and more). Furthermore, it can compare the relationships that come out of two different NetLogger databases and display the differences (e.g. a new server has been added to the network).
Event Handling
Analyzer has a module that manages events associated with the other modules and executes the appropriate actions. The number of events and the actions associated with them are customizable by the user.

WARNINGS

  • Analyzer is a tool that is still under development. Please be patient when you use it.
  • Analyzer may not work with earlier versions of Windows 95
  • Analyzer does not work in Windows CE
  • Some features may not be supported on all platforms

Analyzer Roadmap

The first step is to get WinPcap 3.1 out. As soon as this library is released, we will release a beta version of Analyzer.

A 3.0 final version of Analyzer should come in September 2005.

The 3.0 release will provide a first, affordable tool. For instance, a lot of users are pushing for getting the 3.0 final out, even if some of our objectives (in terms of functionalities) are not reached. Refinements are expected in the next minor releases.

Saturday, September 12, 2009

A small series of articles about scramblers by MSM Group. Direct Inversion.

Direct inversion.
Final Part III.
Direct inversion of speech spectrum.

Author: SergUA6 6.0
Band Width: 2700 - 3400 Hz; it can vary, depending on the task.
Low Range: 100 - 300 Hz; it can also vary.
RX mode: All types of modulation.

Sonograms

pic.1 Spectrum of inverted speech


pic.2 Spectrum of normal speech



Direct (simple) inversion is the direct (simple) inversion of the spectrum. It is one of the most widespread kinds of speech masking. It is easily recognised by ear (in the absence of strong interference) and by the shape of the spectrum: the spectrum clearly shows that the main energy is concentrated in the upper band of frequencies, which is unusual for speech. Anyone who has seen a normal speech spectrum and an inverted one at least once will unmistakably identify inversion afterwards, even when it is mixed with other features. Today this kind of masking impresses only absolutely trusting people. Direct inversion is easily identified and easily removed, and in general it is better suited to creating insignificant minor problems than to masking.

Nevertheless, direct inversion is still widespread today, by virtue of:

  • its simplicity
  • the absence of synchronization (the weak point of all synchronized scramblers)
  • the possibility of working under strong interference
In any case, the function of quickly hiding information is achieved, although direct inversion is not a barrier even in real time.

The inverted spectrum is very easily formed by the following steps:
  • an inversion frequency is selected, usually around 3000-4000
  • the initial signal (speech) is then multiplied by this frequency
  • the lower sideband is then selected from the resulting DSB signal. This sideband is the inverted spectrum of the initial signal

Modern tools make it possible to do this with very high quality. The same manipulations of the signal are used to restore it.
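
The three steps above, carried through on a short block of samples, as an added example that is not from the original article. It assumes a 16 kHz sample rate, reads the inversion frequency as 3500 Hz, uses three constructed tones in place of speech, and selects the lower sideband by zeroing DFT bins rather than with a real filter.

```python
import cmath
import math

FS = 16000      # sample rate in Hz (assumed)
N = 320         # block length, giving 50 Hz per DFT bin (assumed)
F_INV = 3500    # inversion frequency; the article's 3000-4000 is read as Hz

# Constructed stand-in for speech: three tones, strongest at the low end.
SPEECH = [sum(a * math.cos(2 * math.pi * f * t / FS)
              for f, a in ((300, 1.0), (1000, 0.5), (2000, 0.2)))
          for t in range(N)]


def dft(x, inverse=False):
    """Naive O(N^2) DFT with a twiddle table; fine for one short block."""
    n = len(x)
    sign = 1 if inverse else -1
    w = [cmath.exp(sign * 2j * math.pi * m / n) for m in range(n)]
    out = [sum(x[t] * w[k * t % n] for t in range(n)) for k in range(n)]
    return [v / n for v in out] if inverse else out


def invert(x):
    """Multiply by the inversion frequency, then keep the lower sideband."""
    # Factor 2: each sideband of the product carries half the amplitude.
    dsb = [2 * s * math.cos(2 * math.pi * F_INV * t / FS)
           for t, s in enumerate(x)]
    spec = dft(dsb)
    cut = F_INV * len(x) // FS     # DFT bin of the inversion frequency
    for k in range(cut, len(x) - cut + 1):
        spec[k] = 0                # drop the upper sideband and its mirror
    return [v.real for v in dft(spec, inverse=True)]


def tones(x, floor=0.05):
    """Map frequency (Hz) -> amplitude for components above `floor`."""
    spec = dft(x)
    n = len(x)
    return {k * FS // n: round(2 * abs(spec[k]) / n, 3)
            for k in range(n // 2) if 2 * abs(spec[k]) / n > floor}


if __name__ == "__main__":
    scrambled = invert(SPEECH)
    print("original :", tones(SPEECH))
    print("inverted :", tones(scrambled))
    print("restored :", tones(invert(scrambled)))
```

Each component at frequency f moves to F_INV - f, so the strongest tone ends up at the top of the band, which is the shape the sonogram of inverted speech shows. Running `invert` a second time returns the original samples.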

SA Update: version 6.0.6.4.

SA Update:
Reverse synthesis of FSK/MFSK signals.


New in version 6.0.6.4:

  • the minor problems are solved
  • some algorithms are optimised
  • the ability to perform reverse synthesis of FSK/MFSK signals is added

What is reverse synthesis for? There is a certain problem with signals of rather poor quality. If it is possible to determine the parameters in SA, and to save the signal in better quality than the original, then it is desirable to do so. We will consider a standard example.

I managed to find this one on the Internet. It is clearly visible that the level of interference is very high. The amplitude limiters normally used in such cases do not improve the situation.

Nevertheless, SA makes it possible to determine the parameters of this signal reliably enough, and moreover, SA makes it possible to save the resulting signal in much better quality.

Reverse synthesis removes both out-of-band noise and interference and in-band noise and interference, which can hardly be removed by other tools. The difference is perceptible both by ear and in the sonograms:


Reverse synthesis in SA restores the signal at the same frequency positions, and with the same frequency spacing and speed of manipulation, as the initial signal.

There are more examples:

BulDiplo is a fairly high-speed signal.

On the recording of the Chinese MFSK-64 modem, almost complete suppression of noise is clearly visible.

Of course, reverse synthesis, like any other tool, has its own field of application.

There is no need to use it too much and all the time, and no need to expect that this tool will solve all the problems with noisy recordings.

Care and thoughtfulness are needed; some experience and skill are also required.

Attention please: Never submit records edited in this way for analysis.

Everywhere and always I insist that the analyst should have completely original, untouched (and unedited) material for the analysis. Only the analyst decides what to do with this material and how to do it.

Reverse synthesis is a tool of analysis, not a tool for decorating records for further analysis.

Protocol Analyzer

Protocol analyzer extends your ability to troubleshoot enterprise networks by easily gathering trace files across the network, from the network core to the most isolated segments and everything in between.

A Protocol Analyzer is today considered an essential part of the Network Manager's toolkit. The traditional view is that analyzers are useful for troubleshooting networks while SNMP tools are better for trending and service management. This document asks whether a Protocol Analyzer has a role to play in the day-to-day management of a network. Protocol Analyzers may cost many thousands of dollars, or they may be completely free. Manufacturers, of course, all claim, sometimes extravagantly, that their products will sort out all your problems when used on real-life networks. Are these claims justified? Are the costly products genuinely better than the free ones? Will you find out more if you use an expensive product? Are the sophisticated features useful enough to justify the cost? How do you decide which product best suits your needs?
What can Protocol Analyzers be used for?

Protocol Analyzers, often called "packet sniffers" after Network Associates' market-leading Sniffer product, capture packets and decode them into their component parts. Whether free or costly, analyzers all do the same basic job. It's fairly obvious how analyzers can be used to troubleshoot network problems. Once a problem is detected, packets are captured and analyzed and the details of the communication can be worked out. But analyzers can do more than this and, in fact, turn out to be surprisingly useful in many aspects of network management.

Brimrose NIR Analyzer

A new series of miniature near-infrared (NIR) spectrometers is said to offer a cost-effective tool for inspecting incoming raw materials and product quality control. Compact, battery-powered Model 5030 ATOF-NIR Portable Analyzer from Brimrose Corp. of America, Baltimore, allows laboratory tests to be performed anywhere in a plant environment. The instrument, which sells for $28,000 (compared with $40,000 for larger units), is reportedly insensitive to ambient light, vibration, dust, and dirt. Its design allows for quick switchover from solids to liquids, and results appear instantly on its LCD. Applications include material identification or measurement of moisture content and active-ingredient levels. Once the instrument is calibrated, it reportedly can be used by an inexperienced operator.

gas analyzer

The Thermal and Evolved Gas Analyzer (TEGA) is a scientific instrument aboard the Phoenix spacecraft. TEGA's design is based on experience gained from the failed Mars Polar Lander. Soil samples taken from the Martian surface by the robot arm are eventually delivered to the TEGA, where they are heated in an oven to about 1,000 °C. This heat causes the volatile compounds to be given off as gases, which are sent to a mass spectrometer for analysis. This spectrometer is adjusted to measure particularly the isotope ratios for hydrogen, oxygen, carbon, nitrogen, and heavier gases. Detection values are as low as 10 parts per billion. The Phoenix TEGA has 8 ovens, which are enough for 8 samples.

A residual gas analyzer (RGA) is a small and usually rugged mass spectrometer, typically designed for process control and contamination monitoring in the semiconductor industry. Utilizing quadrupole technology, there exist two implementations, utilizing either an open ion source (OIS) or a closed ion source (CIS). RGAs may be found in high vacuum applications such as research chambers, surface science setups, accelerators, scanning microscopes, etc. RGAs are used in most cases to monitor the quality of the vacuum and easily detect minute traces of impurities in the low-pressure gas environment. These impurities can be measured down to 10^-14 Torr levels, possessing sub-ppm detectability in the absence of background interferences.

RGAs would also be used as sensitive in-situ helium leak detectors. With vacuum systems pumped down to lower than 10^-5 Torr (checking the integrity of the vacuum seals and the quality of the vacuum), air leaks, virtual leaks and other contaminants at low levels may be detected before a process is initiated.

oxygen analyzer sensor

An oxygen analyzer sensor, or lambda sensor, is an electronic device that measures the proportion of oxygen (O2) in the gas or liquid being analyzed. It was developed by Robert Bosch GmbH during the late 1960s under supervision by Dr. Günter Bauman. The original sensing element is made with a thimble-shaped zirconia ceramic coated on both the exhaust and reference sides with a thin layer of platinum and comes in both heated and unheated forms. The planar-style sensor entered the market in 1998 (also pioneered by Robert Bosch GmbH) and significantly reduced the mass of the ceramic sensing element as well as incorporating the heater within the ceramic structure. This resulted in a sensor that both started operating sooner and responded faster. The most common application is to measure the exhaust gas concentration of oxygen for internal combustion engines in automobiles and other vehicles. Divers also use a similar device to measure the partial pressure of oxygen in their breathing gas.

Scientists use oxygen sensors to measure respiration or production of oxygen and use a different approach. Oxygen sensors are used in oxygen analyzers which find a lot of use in medical applications such as anesthesia monitors, respirators and oxygen concentrators.

There are many different ways of measuring oxygen and these include technologies such as zirconia, electrochemical (also known as Galvanic), infrared, ultrasonic and very recently laser. Each method has its own advantages and disadvantages.