ttmap 0.1
Sponsored Links
ttmap 0.1 Ranking & Summary
File size:
0.21 MB
Platform:
Any Platform
License:
GPL (GNU General Public License)
Price:
Downloads:
1276
Date added:
2006-04-26
Publisher:
Pawel Foremski
ttmap 0.1 description
ttmap passively analyzes values of TCP Timestamps in captured IP packets. After collecting enough data, it computes characteristic remote machine parameters.
These values let it guess remote operating systems and identify unique machines behind a single IP address. For example, it can analyze remote IP load-balanced clusters.
After successful initialization, ttmap starts analysis of packets received on selected network interface. For this, it uses the libpcap library, which injects captured packets to the ttmap_callback() function.
Next, the program checks if received packet is a TCP one and whether it has TCP Timestamps Option. If yes, then ttmap reads essential data from it and passes it to the process_packet() function. However, if the packet has RST or FIN flag set, then a special procedure is called, which removes any data regarding the connection being closed, if any.
The process_packet() function matches a single packet to a TCP connection. It checks whether number of packets collected in a single connection is enough, and if it is, the control is passed to the identify_connection() function.
Now, ttmap has enough sample of packets which were received from a single remote machine to find the proportionality factor (the jiffy), let it be the a parameter, and system start-up time, let it be the b parameter. For best results, the program uses linear regression method from the GNU Scientific Library. Provided that the quality of obtained values is good enough, what is discussed later, an internal database holding information about already identified machines is queried for calculated remote system characteristics. If nothing matches, a new remote machine is detected; if there is a match, then machines a and b parameters are corrected by mean value.
Due to various delays and fluctuations that packets traversing the Internet might be subject of, the obtained data might be of low quality, ie. there will not be any linear function matching collected (time, TCP timestamp) points. So, for best results, only the points lying close enough to the best-fit line should be accepted as meaningful. The ttmap program checks whether ratio of covariance (returned from GSL) and obtained a parameter is small enough. A similar situation appears when querying the internal database for matching machines - here the program user may configure acceptable "delta" for a and b parameters.
When a new remote machine is detected, an informational message is printed to the standard output. Such message contains machines a parameter, with a corresponding remote operating system guess, and b parameter, with probable time when remote machine was turned on (in local timezone).
These values let it guess remote operating systems and identify unique machines behind a single IP address. For example, it can analyze remote IP load-balanced clusters.
After successful initialization, ttmap starts analysis of packets received on selected network interface. For this, it uses the libpcap library, which injects captured packets to the ttmap_callback() function.
Next, the program checks if received packet is a TCP one and whether it has TCP Timestamps Option. If yes, then ttmap reads essential data from it and passes it to the process_packet() function. However, if the packet has RST or FIN flag set, then a special procedure is called, which removes any data regarding the connection being closed, if any.
The process_packet() function matches a single packet to a TCP connection. It checks whether number of packets collected in a single connection is enough, and if it is, the control is passed to the identify_connection() function.
Now, ttmap has enough sample of packets which were received from a single remote machine to find the proportionality factor (the jiffy), let it be the a parameter, and system start-up time, let it be the b parameter. For best results, the program uses linear regression method from the GNU Scientific Library. Provided that the quality of obtained values is good enough, what is discussed later, an internal database holding information about already identified machines is queried for calculated remote system characteristics. If nothing matches, a new remote machine is detected; if there is a match, then machines a and b parameters are corrected by mean value.
Due to various delays and fluctuations that packets traversing the Internet might be subject of, the obtained data might be of low quality, ie. there will not be any linear function matching collected (time, TCP timestamp) points. So, for best results, only the points lying close enough to the best-fit line should be accepted as meaningful. The ttmap program checks whether ratio of covariance (returned from GSL) and obtained a parameter is small enough. A similar situation appears when querying the internal database for matching machines - here the program user may configure acceptable "delta" for a and b parameters.
When a new remote machine is detected, an informational message is printed to the standard output. Such message contains machines a parameter, with a corresponding remote operating system guess, and b parameter, with probable time when remote machine was turned on (in local timezone).
ttmap 0.1 Screenshot
ttmap 0.1 Keywords
TCP
IP
TCP Timestamps
Remote machine
ip packets
ttmap
remote
packets
values
parameter
timestamps
ttmap 0.1
Networks
System
Bookmark ttmap 0.1
ttmap 0.1 Copyright
WareSeeker periodically updates pricing and software information of ttmap 0.1 full version from the publisher, so some information may be slightly out-of-date. You should confirm all information before relying on it. Software piracy is theft, Using crack, password, serial numbers, registration codes, key generators is illegal and prevent future development of ttmap 0.1 Edition. Download links are directly from our publisher sites, torrent files or links from rapidshare.com, yousendit.com or megaupload.com are not allowed
Featured Software
Want to place your software product here?
Please contact us for consideration.
Contact WareSeeker.com
Related Information
packets of salad dressing
remote car starters
couldn't get process information from remote machine
ttmaps
remote control
seed packets
remote controls
tt map
packetstorm
remote desktop
remote control airplanes
netbios remote machine name table
rca universal remote codes
emergen c packets
remote control airplane
sunblock packets
packets animation
universal remote codes
Related Software
TcpCat is a very lightweight tcp util. Free Download
mpscan is a parallel network scanner that checks for open ports. Free Download
Statistics::Gap Perl module is an adaptation of the Gap Statistic. Free Download
VTun is the easiest way to create Virtual Tunnels over TCP/IP networks with traffic shaping, compression, and encryption. Free Download
etPan is a console mail user agent based on libEtPan! Free Download
libtcp++ is a C++ class library to facilitate the creation of TCP/IP clients and servers. Free Download
NetEclipse is a suite of tools created for testing TCP/IP weaknesses and using them in a non-conventional way. Free Download
ipsvd is a set of Internet protocol service daemons for TCP/IP and UDP/IP. Free Download
Latest Software
Popular Software
Favourite Software
