Here I present some examples of BitTorrent protocol interactions.
Wireshark can be used to analyze BitTorrent protocol interactions in TCP/IP.
Remember that BitTorrent’s peer protocol operates over TCP or uTP. At the time of writing, Wireshark could correctly identify a uTP connection, but unfortunately would not decode its contents as a BitTorrent protocol session. It decodes TCP/IP connections fine.
The Handshake message flows in both directions: each peer sends a handshake message to the other.
“Extended” message examples
In these messages we can see which extensions are supported by a peer / downloader.
Port, Interested, Unchoke example
A request for a piece of a file:
The reply with the piece’s data contents:
Not Interested example
Downloader Peers screenshots
Usually, when a peer is connected to another one, the remote peer appears in the “Peers” tab for a torrent.
Most virtualization platforms provide some sort of communication mechanism between the hypervisor and its guest virtual machines. “Open VM Tools” is a set of tools that implements such communication mechanisms for VMware™ virtual machines and hypervisors. In this book we analyze each of these tools and APIs, from high-level usage to low-level communication details, between the guest and the host. This information can be used for a better understanding of what actually happens when using a guest machine with these tools. It can also be used as inspiration for using and extending guest-hypervisor communication and penetration testing.
Mitigate i.e. singling out all the illegitimate IP packets, while allowing legitimate ones to pass through
“To detect the attack, we use the netflow sent by the routers and analysed by the Arbor Peakflow boxes. Each router sends a summary of 1/2000 of the traffic that is actually passing through it. The Arbor Peakflow boxes analyse this and compare it to the attack signatures. If the comparison is positive, mitigation is activated within seconds.
The signatures analysed are based on traffic thresholds of
“packets per second” (pps, Kpps, Mpps, Gpps) or
“bits per second” (bps, Kbps, Mbps, Gbps) on certain packet types”
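The detection step described in the quote, as an added example that is not code from the quoted provider or from Arbor Peakflow: it scales 1-in-2000 sampled flow counters up to estimated pps and bps per destination and packet type, then compares them to thresholds. The record layout, packet-type names, threshold values and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

SAMPLING_RATE = 2000  # from the quote: routers export a summary of 1/2000 of traffic

# Assumed per-packet-type thresholds (constructed values, not a vendor's signatures)
THRESHOLDS = {
    "tcp_syn": {"pps": 100_000, "bps": 50_000_000},
    "udp": {"pps": 200_000, "bps": 1_000_000_000},
    "icmp": {"pps": 20_000, "bps": 20_000_000},
}

# Constructed sampled flow records for one 10-second window:
# (destination IP, packet type, sampled packets, sampled bytes)
WINDOW = 10
SAMPLES = [
    ("192.0.2.10", "tcp_syn", 400, 24_000),
    ("192.0.2.10", "tcp_syn", 350, 21_000),
    ("192.0.2.10", "udp", 50, 60_000),
    ("198.51.100.7", "udp", 900, 1_260_000),
    ("198.51.100.7", "icmp", 5, 420),
]

def estimate_rates(samples, window_seconds):
    """Scale sampled counters to estimated real pps/bps per (dst, packet type)."""
    totals = defaultdict(lambda: [0, 0])
    for dst, ptype, packets, nbytes in samples:
        totals[(dst, ptype)][0] += packets
        totals[(dst, ptype)][1] += nbytes
    return {
        key: {"pps": pkts * SAMPLING_RATE / window_seconds,
              "bps": nbytes * 8 * SAMPLING_RATE / window_seconds}
        for key, (pkts, nbytes) in totals.items()
    }

def detect(samples, window_seconds, thresholds=THRESHOLDS):
    """Return sorted (dst, packet type, metric, estimate) tuples over threshold."""
    alerts = []
    for (dst, ptype), rate in estimate_rates(samples, window_seconds).items():
        limit = thresholds.get(ptype)
        if limit is None:  # no signature for this packet type
            continue
        for metric in ("pps", "bps"):
            if rate[metric] > limit[metric]:
                alerts.append((dst, ptype, metric, rate[metric]))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect(SAMPLES, WINDOW):
        print(alert)
```

Because only one packet in 2000 is sampled, estimates for small flows are noisy; the thresholds are meaningful only for traffic volumes large enough that the sampled counts are not a handful of packets.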
DDoS attack types
For example, Guard-Host acknowledges the following DDoS attack types:
DDoS Attack Types
In the following diagram, the packets in the red area are flagged as belonging to a DDoS attack and are thus discarded and not sent to the server under attack.
Traveling Ruby consists of a set of multi-platform portable Ruby binaries, which can be used to distribute Ruby-based products and run them even on machines where Ruby is not installed. It’s very useful, as you can also use it to pack multi-platform applications.
Traveling Ruby is a project which supplies self-contained, “portable” Ruby binaries: Ruby binaries that can run on any Linux distribution and any OS X machine. It also has Windows support (with some caveats). This allows Ruby app developers to bundle these binaries with their Ruby app, so that they can distribute a single package to end users, without needing end users to first install Ruby or gems.
A Code smell is an interesting Software Engineering concept. According to Wikipedia, a Code Smell
“refers to any symptom in the source code of a program that possibly indicates a deeper problem. According to Martin Fowler, “a code smell is a surface indication that usually corresponds to a deeper problem in the system”. Another way to look at smells is with respect to principles and quality: “smells are certain structures in the code that indicate violation of fundamental design principles and negatively impact design quality”.”
NOTE: StyleCop works with source code, whereas FxCop works with compiled files
Most of these smells lower your code’s quality and maintainability. Be sure to include some of these detection tools in your development process, along with appropriate coding standards. Automatic noncompliance detection can be accomplished by adding these tools to your build process.