So, I got to talk about freaking Blinky Lights today. I'm going to be talking a little bit about how to do something kind of off the wall, network monitoring with Arduino. I always want to play with electronics and get some stuff going with Blinky Lights, and I've always been just a real fascinating, kind of one of those people who sit there and stare at the switch and watch the lights kind of turn off and on and just kind of get mesmerized. I don't know what the deal is with me, but stop lights, whatever. I can pretty much just get me to stop what I'm doing if you put something in front of me that's turning on and off. My name's Steve Ocepek, no Steve. So this is my talk. Just a quick note, the quality of some of the images in the presentation are of the homemade variety because of some legality reasons we're not allowed to use the copyright images and things of that nature, so I do apologize in advance for some of the quality here. So just kicking right off. So this is kind of where I came from, right? The idea of modeming, and there used to be kind of this concept that you could kind of see what the heck you were doing while you were online. You had RD and SD, my kind of original, like, my favorite Blinky Lights in the world, which meant actually RD was always the best because it meant you were downloading something. So there was this kind of visual cognition, tactile feedback, probably tactile is wrong words, I think it's like physical, whatever, but it's like a feedback kind of, like, I do something. I push something on the, you know, on my keyboard, I see it on the screen and then I know what's going over my serial port, going off the phone line because I see this kind of Blinky Light thing happening, right? So then a lot of stuff happened from then, so progressing through time, I kind of just took arbitrary things out of the history of networking. So I think like there was like 56K and then net explosion, thank you. 
I think there was like an explosion of internet stuff and then YouTube was somewhere in there and a bunch of other stuff and then mobile and now there's a cloud and I think he's like smoking a cigarette. I got one of these like disclaimers here about that, you shouldn't do that, but it's like a, it's, so it's kind of like this, a lot of stuff's happened, right? The whole idea of this slide, I think, I think what I was thinking was basically stuff's a lot faster, TCP/IP, protocol diversity, it's not just as simple as RD and SD anymore because you're talking about a lot of different protocols, a lot of different hosts, a lot of different stuff going on at the same time. It's a very, very chatty thing we got going on, somewhere along the line we sort of lost track of what our machines are doing. It's just, and so we've got this, you know, this idea, this link light. We also have like connection pools, longer sessions and stuff like that. I don't know what the hell my machine's doing anymore, right? And, and yeah, my, you know, my, my netstat hurts. I'm actually thinking about getting a bumper sticker that says that, but that, I guess the, the, the bad sign is when a two minute PCAP file is larger than a two minute MP3, I think we have some serious stuff going on in the wire. So it all comes down to the fact that, dude, the activity light is solid, man. It's just not, basically, we have one LED, right? It's like a total missed opportunity because you got like this one LED and it says, something's happening. And so you, anything you do, it's like, is something happening? It says, yeah, something's happening. It's like solid. It's like, that's all we can ask. That's all we can, that's all we really know. So again, I really apologize to this, especially for this, especially like whoever's involved, because apparently whoever takes pictures of these guys, copyright ceremonies too, but the, basically it comes down to this. 
Richard Bejtlich and Bruce Schneier, if you want to, if you want, if I want to legitimize what I'm doing up here, the industry experts are saying monitoring first. Monitoring first on the grass roots, most lowest level is what we're talking about here, which is the little blinky lights in the front of the modem. Monitoring first, if you take it to its extreme, it's kind of knowing what the hell your machine's doing at a time. The actual quote from Bruce, by the way, those are muscles. I want to make sure you knew he had a shirt on there. Okay, that's, but basically what Bruce Schneier said in Crypto-Gram, actually 2001, about 10 years ago. Monitoring should be first step in a network security plan, something administrator can do today to provide immediate value. So that makes me feel a little more legitimate in this talk. But basically that's the concept, right? If you know what the hell is going on, you can do something about it. And I think we skip monitoring, we go right to enforcement. I know that's what happened with network access control. I was in that business for a long time, and we would come into networks and say, hey, we're going to kick everyone's ass. And that's not supposed to be here. We'll kick everybody off. And you'd get them all fired up, and people would come up with these really cool rules. It sounds really nice. Like, hey, if they're transferring this much data, this data rate at this time of day, then kick their butt. And then the CEO would come in, be on his way out of town at 9 PM, try to copy the presentation down for the boardroom, and get kicked off the network, and everybody get fired, and we'd lose the account. So the idea is that, why is that? Why did that happen? Why do people want to enforce before monitoring, right? That's kind of goofy. Because if you were monitoring, you'd know that that kind of stuff happens. You'd know that that rule's crazy, right? 
We try to create this kind of big brain that says, oh, we're going to feed this brain all this data, and then the data, it's going to learn, and it's going to understand your network better than you do. And then it's going to make these kind of interesting rules. If you take it a step farther, and you're talking about some of this, you know, the learning mode and things like that, don't get me wrong. I mean, we need that stuff. We need to make it better, but we need to also understand what the heck's going on. So you start talking about monitoring, and it's like, well, wait a minute, we have all this cool stuff. And on the side, I like to write these little miniature screenplays and throw them in the trash, so you get to see one. So basically, you mean like IPS, IDS, NAC, Sniffers, Scrapers? Yeah, OK. And then, no, I mean like what the, you know, OK, yeah, WTF the box is doing, right? And then, yeah, but try Wireshark, Newbie. And then it just kind of devolves from there. I don't really know what happened after that. But there's something about the fact that Wireshark is for analysis. And then, I don't think that has any value at all. But basically, yeah. So the idea is that Wireshark, the takeaway is that Wireshark's for analysis, OK, and not for the kind of thing I'm talking about, which is this real-time kind of tactile, I keep using that, misusing that word, but this sort of real-time feedback that you're getting from the thing. So like the old days, right? Something that's good excuse for Arduino. It sounds good on a DEF CON schedule. Freakin' blinky lights. It's a, of course, something gives you visibility. So now I'm going to start butchering some other words, OK, visibility versus visualization. I don't know, there's no, this is me talking about trying to figure out how to do the differentiation. It's not that these words totally, you're going to look them in the dictionary and they have this difference. This is just me kind of trying to express something. 
But I'm going for something that's peripheral. OK, I'm trying something that is going to tap in your cognition, OK? Cognition, we'll talk about that in a little minute, a little bit here. I'm making up my own distinctions. But visualization I'm thinking of as like the Wireshark, right? I'm thinking of visualization as maybe even these beautiful graphs that do stuff and they're like big pie charts and ntop kind of looking things and all sorts of beautiful things you do with static data sets. Because you have a lot of computational time to kick this thing's butt, right? You have like a big bunch of data and you've always got all these cycles and you can visualize something statically. I'm trying to go for something a little different on the other end of the spectrum which is like the real time stuff, OK? So it's more tactical, military term, visibility is thinking about, I used to, I think my closest stint with the Navy was playing Silent Service on the Commodore 64. So it was like, it said visibility low, visibility poor, and then like battleship would sneak up on you and kill you. And then I'd load the trainer and kill everyone else. But the thing was that there was this idea that you only have a certain amount of visibility, only a certain amount of ability to react to what's happening based on what you can see, right? So visualization taps into our ability to reason, right? To figure things out. It answers questions. Visibility might, or visualization, excuse me, might cause us to, it might answer questions. Visibility is more like it taps into our cognition, OK? And maybe it causes us to ask questions. I only sort of know what I'm talking about, real time cognition, but examples are driving like video games and like things like sports. And I just kind of realized it's probably like a really bad thing to bring up at DEF CON. But basically, yeah, so it's like the real time kind of like, why are you good at sports? 
And it's not because, well, I sit down, I get the basketball and I sit down, I project the arc and I'm going to exert the right amount of force to get into the basket. It's because, I don't know, man, I just, that's what I do, right? I just, whatever it is they do in basketball, I just like slam on those guys all day or something. It's like the one where they, yeah, OK. So direct connection between the senses, right? So it's because you're able to like react to something. You're able to see it. It's out of the corner of your eye but you're able to do something about it, right? It's the same with video game, little sniper and you know, whatever. You can get really good at that. You're not thinking about, you're just doing it. It's acute perception of slight variances in stimuli, which sounds like freaking awesome. Here's the scholarly reference that it, I think this means what I think I'm talking about which is real time cognition, best described, not as a sequence of logical operations performed on discrete symbols kind of hanging in there on that one but as a continuously changing pattern of neuronal activity. So what I take away from that, this poor Michael Spivey who got cited at DEF CON and Rick Dale of University of Memphis and Cornell University, there you go. What I take away from that is it's a flow. It's not so much that you stop doing something. It's not like chunked up like general analysis is. It's more like this flow. It's like this tie-in to human stuff. So with that, that's enough of that crap. Let's play with electronics. All right. So this whole USB thing, so it's gonna light up here in a minute. I'll show you the idea of these peripherals. I thought, well if you have things like USB Nerf shooters, and ninja detectors, and LED Christmas trees, this huge market like ThinkGeek makes a lot of money on this stuff. If you have all this stuff that's hanging around your desk, maybe that's the place to put this. 
I started off this idea actually a while ago thinking that I was gonna put it in some little window in the side, like you put it in maybe in a little square or something somewhere on the screen. And that's all well and good, except every stinking application just is like, it'll just grab focus from you all day long. If you ever try to preserve something on the screen, unless you tap into some sort of OS call light, stay on top or whatever, you're not gonna be able to do that. It's gonna get thrown away. There's also like the dashboard icons and stuff, like you could flip to dashboard, but that's not always there. You have to hit the dashboard button, dashboard pops up, and I don't want this big flashing thing that says you got owned like 20 minutes ago. I'd rather have something, there's also like little widgets in the system tray where you have about five pixels to work with. So I thought, I want something on the desk because look, there's a lot of room around the desk where the laptop sits. There's actually a lot of room there, so that's a good reason. Another good excuse to do something with Arduino. The crazy idea is I want to render network data on LED matrix in real time. Okay, I want to use things like colors, motion, stuff that I can do, any creative, whatever thing I can somehow put together to actually show what's happening, I want to get a feel for it. I want to tap into this pattern matching. People are real good at this. I mean, it's like that thing where something's wrong with the car. I'm terrible at this stuff. I'm not a mechanic when I stretch the imagination. But I know that if something's going on and I turn the wheel a certain way and I get this little bit of vibration, I get this little bit of feedback, I notice that it's different. Maybe there's some cars that move a certain way and you kind of get, you just naturally sort of take in how this thing's working and you start driving around, you know, whatever, and then it starts vibrating. 
You know, hey, that's different. I think it goes back to cavemen. It's like they came out and there's like seven buffalo out there and then they came out the same time next year and it's like there's two buffalo out there and it's like, dude, it's time to get the hell out of here. You know, we got to find more buffalo. It's like this pattern matching. It's actually based on our ability to survive. I think it's a survival mechanism, to be honest with you. So, Cereal Box is the name of this thing. No cute name or anything. The word Serial Box, like the cute version with S-E-R-I-A-L, was taken by some, I don't know, something out of the 90s or some other program. So I just, like, well, I just got Cereal Box. The reason I call it that is because, I don't know, how many people in here have read the back of cereal boxes? I mean, do you guys kind of know what I mean? I see some hands are like nodding, yeah, I know what you mean. I mean, it's just the most inane bullshit on the back of those things, you know? It's like, why the hell am I doing the maze to get like, you know, the cocoa bird or whatever to the freaking, you know, so he can get his hook up at the end of this, I don't get it, you know, but I do it, why? Why do I do this to myself? And the reason is, honestly, the reason is because it's there. That's why. I wish I could tell you something smarter than that. I wish it was, I wish I could actually say that it's because, I don't know, something to do with my childhood and something that had to do with, you know, market analysis, but it's just because it's there, okay? And the thing is that we're big on that. If it's there, we'll play with it. And that's what I want. I want this thing to be there, right? I want it to be in the background. I want it to be something we can kind of see out of the corner of our eye. That's why I call it, by the way, Cereal Box, in case, you know, so pattern detection, it lets us see the variances without digging in. 
It's just enough. It's just enough information. I can't, I mean, I got, you know, I'll show this here in a minute when I get it doing stuff, but I've got this much space to work with, okay? I've got a tiny, tiny little bit of space to work with. So I can't do all the things I would want to do. I can't see all the things I want to see, but maybe that's good. Maybe that's a force for me to think, well, what do I really need to see, right? So I base it on the Arduino Uno, which is real cool. It's a little board based on a chip called the Atmel ATmega328. I'm not a hardware hacker. Not by any stretch of the imagination. These tools are really nice. Makes it really easy to do this stuff. It's an 8-bit RISC CPU. It's 16 megahertz, so pretty powerful. But I'll tell you, it's got 32K of flash, which means that's how big your program can be once it's compiled. But it's only got 2K. It's got 2K of SRAM, which is a real, real interesting thing, especially if you're gonna do anything kind of higher end. You definitely will push that pretty much with any project you do. 2K SRAM, what that means is that's how much space you actually have to actually do your stuff, right? That's where you store your dynamic data structures. Your static data structures, those can sit in flash. You can access those at runtime. But your static, your dynamic data structures, which of course, network data is anything, you know. If anything, it's dynamic. You have to store that in your SRAM. USB powered, there's serial communication with a chip, it's the ATmega U2, that. The only reason I bring that up is there's no hardware handshaking. So those of you who go back to the modem days, it's like, I'm sitting here in 2001, I'm talking about this hardware, and RTS/CTS would be like a feature. I almost had to write XON/XOFF on this thing. But I could, as you know, you can't, I mean, I would have to flash the thing, and I don't know how to do that. So basically, I just made it run kind of slow. 
I decided, well, at that point, I remember 9600 baud was pretty good. It's pretty, you know, that's the speed that it's kind of rated at, or it comes out by default. So I just figured, well, anything I do, I'm gonna keep it inside of this window. One of my limitations is 9600 baud. You can get that for about 30 bucks. There's also something called a Colorduino shield. This is a really cool little thing. This is something that, the things for Arduino are called shields. So when you see the word shield, that means that's an add-on board for the Arduino. And this one is a shield that has a chip on it to control LEDs. So it makes it very easy. You'll see a lot of, if you go on to YouTube and you type in Arduino LEDs, you'll see a lot of wire wrap and breadboards and stuff where people are doing a lot of cool stuff there, but they're having to do it all manually and hook all the stuff up together. This makes life a lot easier if you're gonna play with LEDs, with blinky lights. ITead Studio sells it for $15. It's, and they also sell a multicolor LED matrix for about 21. So at the end of the day, we're at about 66 bucks for this, so not too bad. I mean, if somebody picked this up and started making a whole bunch of them, mass producing, probably get down really cheap. You know, probably produce something like this for 10 bucks or something, but for hobbyist electronics, you know, that's not too bad. And you can do a lot of other stuff with this. It's a nice thing. You're not just stuck with whatever this is. So the design goals have to be simple. Have to, I'm gonna send stuff from the host. The host, of course, it can't sniff, it's just USB. So I have to have a sniffer on the box, on my own box, but then the sniffer's going to send that data, whatever data I'm interested in, over the serial link, and it's gonna render it on the Arduino. Cereal Box, the code that's running on the Arduino, is in charge of rendering that to the screen. Okay, that's its job. 
Its job is to render anything I send it to the screen. I have 2K SRAM, minimal data processing, should be easy. I want you guys to be able to play with this. The source code, you already have it. This is kind of fun. I don't know if you know this, you already have this. It's on the, the source code for it is on the DEF CON DVD. So you actually have it right now. So I was hoping, I'm kind of glad that not everybody got up and left. I thought maybe that was gonna do it. So I saved it to the middle, but I think, I think we're okay. So data points, here's what I'm sending, MAC address, IP address, TCP or UDP port, and country code. Here's the, here's what it looks like. Okay, this is, so I can say I wrote my own protocol, but really all I did was I just took like, one was open, two was closed, and then I just put a bunch of other stuff in hex separated by commas. So if you could call that a protocol, yeah, then. So when I'm trying to show off in front of the girls, I say I wrote my own protocol, but really you guys know the truth. It's just, it's just nine, it's just that many characters, however many characters that is across serial link. All that stuff's already there. By the way, basic C, good enough. I know you guys are getting antsy to see some stuff. So by the way, text processing in C, this is the kind of thing where I'm kind of a purist and I always think, well, or I think of myself as a purist, which is probably completely false, but I think of like, man, why do we have these high level languages like Java and Ruby and all this stuff when I could just be programming C and it was like the good old days and I really, really wanna like just take advantage of every little register on my processor and do everything like super fast and you kids these days and all that kind of curmudgeoning stuff. But then you actually sit down, it's like, okay, Rockstar, now you have to process a string in C, right? And it's like, oh, son of a bitch. So this is the thing. 
I mean, you're just gonna see a lot of this kind of stuff. It's probably full of God knows what security, somebody's gonna like totally pwn your Cereal Box, but it's basically just taking advantage of that. Taking one character in at a time, going through the ASCII table, I have the ASCII table in .com or whatever in my bookmarks now and just staring at it. So this is the cool stuff, the Colorduino library. It's huge help in dealing with the LEDs. Setting an LED. So for those of you who try to figure out how to do this, it's very simple. There's some basic code there to do it. If I want to set coordinate three X3, Y8 to blue, I'm gonna do SetPixel directly or I could do it using a pointer and do increment. I didn't write this. This is by this dude, Lincomatic, and he's awesome. I sent him an email and let him know I'm gonna be doing this talk. So I sent him a recording of this, but I was just very impressed with it. It's a very, very cool library. This is something I did. This was kind of my contribution, right? Where I had this problem where I couldn't, I only have 32K flash and 2K SRAM. I didn't want to store a big static table in memory to convert country code. You're gonna see why this is important in here in a minute, to RGB values. So what you're going to see is one of the views. There's two views I'm gonna show you. One view is going to show you all the connections that are on. It's gonna fill up the matrix, the LED matrix with all the different sessions that are being done by the machine and it's going to color code them according to what country, using GeoIP, what country I'm talking to, okay? How I did that was basically took the country code and using the random thing that's inside of C. I just kind of made up a color on the fly. The random is pseudo-random, so it's not really random. It's always gonna be the same. So once you learn the color for a country, and oddly enough, US was green. 
So I thought that was kind of interesting, but some other countries were red. And you'll find those out on your own. But it was kind of apt, I'm just saying. So it's just the way that it worked. You just sort of realize how, that basically, yes, that's US, because I've memorized that. I don't even have a list. I couldn't give you a list. I would have to actually send all the country codes to this thing to give you a list of all the colors. It's gonna do it on the fly, but it's always gonna be the same. And then, so yeah, the first letter turns to green, turns all in green, turns in the blue, and all that stuff. So, okay, so now's the part of the talk where I try to show you how this works. First what I'm gonna do, so here's the challenge. As you can see, I was wearing a shirt there. Don't let them fool you, okay? It's just V-neck or something. It was late at night, you know. But here's my main problem. You can't tell what the hell's going on there, right? I mean, the whole thing is that it's all blown out. So, this was the challenge. I was like, how am I gonna go for a DEF CON? How am I gonna show these guys how this works? So I'm gonna do two ways. I'm gonna show it on there and just kinda do the little hold it up, like show and tell in front of the school thing. And then, I've got a movie that'll show up on the big screen where I had, I found this old camcorder. It's like the only way I could do this. The old camcorder had like an exposure switch, and I could turn the exposure way down. It actually looked real good. So, let me, now this, I worked this out with the AV guy. We'll see if this works here. Okay, cool. So, let me jump over here. Here's what I'm doing. Basically, this is a Perl script that comes with it. It's also on the DVD. I'm doing Perl, let me make this a little bigger. Perl, that's PerlCBPL. It gives you usage if you don't know how to do it. The interface, the IP, the source IP, and the actual serial port that it's gonna talk to. 
So, remember this is going over serial. It's actually serial emulation over USB. I guess it's not really emulation, it's actual serial. But, so PerlCBPL, blah, blah, blah, and get that going. And then, from there, down here, this is, I'm doing the tcpreplay thing. So, what should happen if we're lucky and the demo gods don't frown on us, there we go. Okay, so what's happening here is I'm doing a tcpreplay from some PCAP stuff I recorded. And what's happening is every time something comes up, it's gonna render it to the screen. Actually, I think I picked the wrong one, but you can kind of get an idea of what this looks like. Actually, I think this is about to freak out. I picked the port scan one. I think I picked the port scan one. Yeah, I picked the port scan one. So it just kind of, well, okay, now, so you spend $66 on this thing and everybody comes by your desk and like, really, seriously? Okay, so let's try another one that's not quite as crazy as that. Actually, I stopped the wrong thing. I work through this stuff like 20 million times and then I get up here and crap all over myself. Let's do browsing. Browsing sounds good. So let's start up our daemon again. It's real simple to reset itself if you stop it. Just give you a feel for playing around with this stuff and how this works. So don't worry, guys in the back, we're gonna show it on the big screen here in a minute. But just to give you sort of a feel, right? Again, it's gonna be much better on the screen because in the screen you can see what I'm doing and there's this analog. Remember this is all about comparing and pattern matching. But what's happening is, as I connect to different websites, the lights are turning on, lights are turning off, as connections open and close, they're turning, here we go, you know, here's some more and some more and it just kind of floating around like that. So that's view number one. This sits on your desk. You have 128, you have 128 lights actually. 
It's two screens of 64. So if you go over 64, what'll happen is, and I hope I'm not underserving anyone here, this is kind of a wide room, but the lights will, if it goes over 64, you'll start getting two different screens, it'll switch back and forth using a timer. So I'll just set that there and let it sort of just, see it's kind of like active right now, like I was doing a whole bunch of stuff there. So it's just, oh, there's some blue, there's some blue, there it flipped over to the other screen. Okay, so, you see, I get really excited about that. I have a hard time setting it down. So now we'll show the movie and the movie will help. Let me see here. So first one is the session. This is where we're doing the session view. So again, very similar to what you just saw in real code in real time. So zooming in here, this is the Arduino IDE, okay? So this is going to, this is where you type the code. If you want to write code, I mean you can type in whatever you want, but this has the upload button. This is actually handy. You push the upload button, you send it over to serial, and then it flashes the Arduino with the code from the thing. So then coming over here, there's our Perl script thing. Again, you just fire that off. Really the only argument is just getting it set up. And then from there, I'm gonna pan down and this is much easier on the eyes. You can see the little guys start to fill up there. So there's some stuff going on. So if your network card was a giant modem and it had LEDs on it, I think this is something like what it would look like. And so then I zoom out a little bit and you start seeing where I'm browsing the web and doing other stuff. I'm trying to be cognizant that this is being presented at DEF CON. So I'm going to like kind of unoffensive sites and things that don't have my session key in the URL. I also cleared out the Google search window ahead of time. 
And so yeah, pretty much pretty boring stuff here, but there is something coming up that is particularly interesting as far as like the country code. You notice everything's green. So all the stuff I've been going to is in the US. So here in a second, it's gonna go and we just kind of keep talking. It's gonna go to another country and we'll see how the lights kind of change. So you notice that as it's just sitting there, nothing's happening. This is kind of interesting. Interesting to me anyway that these connections stick around as long as they do. Oh, they all went away. That's just the way the web servers work, right? They have that connection open thing. You're connecting to Apache. It's leaving the session open for a while. It's preserving its connection pools. Here we go, here's some blue. Some blue. You're gonna tell all the people out there who's talking to be like, there was this part and he hit something and it was blue. It was awesome. And so that's because I went to BBC UK. So you see there's still a smattering of other things. It was like green and blue and Tiger Woods on there. And then there's a guy with a frowny face so I had to click on him. And so, and that wasn't at all what I was expecting, by the way. So basically this is the thing, right? This is the session thing. Okay, okay, so that's cool. Now, back to, let's see if I can get back here. This is gonna be the trick. Cool. Okay, so data storage. So how am I doing all that? Well, I do store it in an array. I do, it does have to know. See I was trying to make it as stupid as possible. I was trying to make the Arduino as stupid as possible. I was trying to make Perl script as stupid as possible. I just want everything to be stupid, right? I was just trying to make everything stupid. So I couldn't do that because the Arduino had to be smart enough to know when I say close, where it's at, right? I have to be smart enough to know that I'm gonna close the session. So how would I do that? 
I store the IP in the port in an array. There's nine bytes per array. I had to do the math, came out to like 1.2K. I was like, oh my God, I took up 1.2K. That's such a beast. It's like bloatedware, you know? So there's the array multi-dimensional. Isn't that awesome? Say multi-dimensional. It's different positions of the LED matrix and then I've got a little two hex command that I wrote in there function to convert this stuff over. So that's some code there. Meter mode. So I said there's two views. Meter mode is the next one. Let me go ahead and show you that. Think about, so this was the other thing I was thinking, and again, the main thing here is just try to get you being creative. I mean, the whole idea of this talk is, okay, I did the session view. I did the meter mode. I want you guys thinking, or somebody smarter than me to say, hey, what about this foot mode? What about this view? What about this view? And you know, it's all kind of stuff we could do. So this is, and this is still on here. This is, you know, I just realized this is still running, right? So I probably lost most of you. You're probably like staring at that thing. You know, it's just distracting. Oh, here we go. So meter mode. All right, so now we're gonna upload the meter code. There's two different programs. I originally had them combined into one program. One thing was that when I combined them in the same program, I think I ran out of SRAM. You don't know except that the blinky lights start doing like some kind of stroby, nasty thing, I think is the scientific term. And it just, like, I'll tell you what, when this thing freaks out, it freaks out hard. It's kind of cool because I wanna go back and just see all the different ways I can freak it out. Okay, what this is, what my recording self is trying to show you here is that the different things you're gonna see, think about an equalizer view out of like the 80s or something like your old stereo system. 
You know, it was really cool when you got a stereo system and all of a sudden it shows up and it's like, wow, I can see the notes. I can see the bass and I can see all the treble. I can see the notes and they're jumping up and down. Of course, that was a whole other stage in my life where I sat in front of one of those all day. So this was where I kind of took it, which is this stuff here. We've got eight. If we've got an eight-by-eight matrix, we've got eight lines to work with. So I'm gonna define web, DNS, remote, mail, file. These are different things. So web traffic, 80, 443; DNS traffic; remote protocols like RDP, SSH; mail stuff like POP3 and SMTP; file protocols. I also put Kerberos and things you would use to get logged into your domain controllers or whatever in there. So enterprise, file sharing, whatever stuff. And then if it doesn't match that, it's an under-10. Under-10 is exclusive with those other things. If it's some other port under 10,000, under 10,000 doesn't mean, under finger or whatever it was, but under 10,000 is, I'm probably completely wrong. Somebody's like, no, it's not 10. And then somebody do it. So under 10,000, and then over 10,000 is gonna be the other one. And then local is the only one that'll pop up in addition to the other ones, because if it's on the local link, then it'll fire up there. So that's that.

And actually, you know what I'm gonna do? I'm kind of breaking my own rule here. What I'm gonna do before I do that is upload the, yeah, I'm gonna upload it to the board we're playing with here. So I'm gonna Control-C that. I gotta get off of the serial port before I upload the code there, or bad things happen. So this is my other program. Originally, like I said, I had them combined. There actually is a way to combine these. You can do that. It's possible. It's definitely possible. The thing is that I didn't like the fact that my session view was getting clobbered by my meter view.
So here's the meter view, okay? To give you an idea. Each of these will be in a different color, the colors we just looked at. You can define them however you want in the code. But basically those little guys are gonna jump up and down based on what kind of traffic you see. So let me run the same thing. Really, it's the same. I could do the same tcpreplay thing. Let's fire this up again. It's gonna reset, turn on, load up. And then I'm gonna replay that, okay? And so what you're gonna see is stuff start jumping up and down. You notice web is jumping up and down there. Don't worry, I'm gonna show this on the big screen too. Web is jumping up and down a lot. You're gonna see DNS. A number of things just sort of, actually I think I turned off DNS. This is something that's important about this program. I actually made DNS an option. There is one more little option here, because I noticed that if you put DNS in the session view, you're just gonna flood it with DNS, because your machine fires those off like crazy. So actually I'm gonna do a redo here and add the DNS flag so that you can actually see the DNS. There we go. And you notice that the white thing is jumping up and down too as the DNS is jumping up and down. Well, that's because the DNS server is on my local network. So anything that's a DNS session is also gonna be a local session. So let's throw it on the big screen here. Let's see. So there, see, my recording self is a lot smarter than my DEF CON self, because he remembered to put DNS in there. And actually he's kind of flaunting it because he highlighted it. You see that? That guy's kind of a bastard. So here's the meter. And there we go. So we're rocking out to DNS. We're rocking out. Like this, the bass is hitting and somebody's just wailing on the guitar. And then you hit the different stuff. Like I'm showing my kind of friendly web browsing here. There we go. So you notice, now remember that this is session based.
If I sent every single packet over this link, it would be a fire hazard, right? So I can't send every packet. I have to send it over 9600 baud. I have to send the link data, the session data. So you might be browsing and opening up a bunch of pages on the same site, and you'd be like, Steve, this shit doesn't work. And then you gotta remember that I said this, that it's only when you open up a new session. So if you go to another page, then it'll start working again. And hopefully I'll be off the hook. So there's just, like I say, some generic browsing going to different sites. So that's kind of fun. And then I think here somewhere I start to get into another protocol. So again, now at this point, let's see. So there's some stuff. You know what that probably is? That's probably Skype. Skype is actually a really chatty son of a gun. What you'll see too, this was actually kind of fun while I was working on this. I actually had it going. A lot of times as I was working, I'd just have it going on the desk. And actually I got really attached to it. I go to bed with it at night now. But the thing is, what you'll see is we have a dispersed team, and somebody over from São Paulo, my friend Rodrigo, will send me a message. Heck, there's me doing, there it is, remote desktop. I know you guys would appreciate this. There's no CA, right? I thought you guys liked that. So look, there's some other colors, you know? And then I think that one was purple. So then you can say, after it was blue, it was purple. So then it goes to remote desktop, so you get the picture. You get different file sharing stuff. You get different colors based on what you're doing. So the whole thing is, it was fun with the session view. What I would see is, if Rodrigo is about to send me a message, there's that thing that says Rodrigo is typing in Skype.
And so before I even knew Rodrigo was sending me anything, I would see the color for São Paulo, for Brazil, which is magenta, show up. I'd be like, ah, Rodrigo's gonna send me a message. And bam, Rodrigo sends me a message. It was really cool. And then it was like, my other buddy Tom McKenzie over in the UK says he's gonna send me a message, and I see blue. I'm like, ah, Tom McKenzie's gonna send me a message, right? So that was kind of fun. It's kind of cool. You actually learn a lot about how your different protocols work.

Oh, here we go. I didn't show you this. I should have been talking about this. This is the whole thing, right? This is why this is kind of interesting. Security, this is the security application. What I'm doing here is I'm gonna actually launch a port scan. So it didn't really zoom in. I should have zoomed in there. Maybe I did, no. So I ran an nmap up there in the left-hand corner. And check it out. Holy crap, the thing's pegged. This is that part where it's like, I turn the car key and it makes a funny noise. I don't know what the hell's going on, and something's wrong. And you start talking about warranty and you look at the fine print and you realize you're out $1,000. But this is that part, right? Where you know something's different. The pattern matching thing. It doesn't usually do that. If I was in a call center and I had no idea about computers, I had no idea about networks, I could stand up and say, something's f'ed up, something's wrong. The blinky lights, they're doing weird shit, man. So now we get to the fun part. Now we get to see something cool here in a minute. This was my thing about no handshaking. Message size 32 bytes, 37 messages per second is probably about the most we can get.
There is another thing. The great, awesome, wonderful thing about embedded is, anytime you have a really, really difficult computer science problem or whatever, you talk to people and they're like, disks are cheap, processors are cheap, computers are cheap. Let's just solve it by throwing a whole bunch of really, really heavy instructions at it, and who gives a crap, so I can go make it to happy hour. So that's not the case here, right? It's almost like playing Sudoku or something. It's a puzzle. You have to figure it out. From the beginning you're screwed, right? You know that you have to be very, very careful, and you have to be performance conscious from day one. So you have to do the math: 9600 baud, two bytes, and I have nine bytes or whatever. I did the math, I could get about 37 messages per second top end, probably realistically only about 32 messages per second.

So the other thing was, in session mode I had this concept that you're gonna hit a ceiling, and the problem is you're gonna fill up 128 lights and then you're not gonna know if you're getting port scanned. I really want that whole thing about, oh man, something's screwed up, right? I want that concept. So I made something called inferno mode. Inferno mode is this meter that basically keeps track of how many connections are coming in, and I preferred, you know, I was thinking preferably something kind of psychedelic, so that at least if you're getting totally owned, you could be like, whoa, look man, my little blinky lights are like, oh, fuck that. So, overload detection, right? Define OVERLOAD 90. You can define this however you want. That's conservative. This is a very conservative number. If the number of commands is over OVERLOAD, mode nine is the bad one, right? So I'm down to five here.
So I think this is actually gonna work out just about right. Here comes inferno mode. Port scan. So we're just gonna nmap ourselves. You know, it's a good example. It's reconnaissance. Somebody's doing reconnaissance. Okay, so yeah, just one, three, six, five, five, three, five. Da, da, da, da, da, da, da, da. So I'll let you know, I didn't do the plasma effect, but I did the frowny face, okay? Yeah, so that's the whole thing, right? I think that's kind of the international symbol for you're screwed, right? I tried to put, it's pretty sad because you don't have a lot to work with. You know, you're kind of screwed when you don't even have enough room to write LOL. So that is the high point.

From there, just so you know, the whole thing about the Perl script I'm running on here: it does work on Snow Leopard, which is cool. It does work on, of course, Linux, BSD, whatever. It's just Perl. I had a little bit of trouble getting it to work on Windows. I think I'm gonna take another stab at that, because, you know, to make it universal, we gotta get Windows in there too. So I'll probably be putting something on the website about this. All open source, of course. Fairly simple. It's using GeoIP. I tried to keep the requirements of the Perl script to a minimum, so hopefully it's not too hard to get going. There's only two messages, open and close. You can make your own. You don't have to use my Perl script. You could do this in Ruby, Python, you could script into this thing, you could do whatever you want, as long as you can talk to the serial port at 9600 baud and send those funny little messages that we were talking about earlier. Heck, you could take the serial box code, figure out how it works, how a network engineer would approach this problem, and change some stuff. The other ideas I had were, like, maybe you could make an Ethernet version of this.
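The pieces the talk describes in the last few sections (the fixed-size open/close messages over a 9600 baud serial link, the meter-mode buckets with "local" as the only additive row, the 128-light ceiling of session view, and inferno mode's OVERLOAD counter) can be exercised without the hardware. The following is an added Python simulation written for this page; it is not the speaker's Perl script or Arduino sketch. The exact ports per bucket, the message layout, the 192.168.1.0/24 local prefix, and the replayed traffic are constructed assumptions, chosen only to show how the host and board sides fit together and what happens when a port scan arrives.

```python
"""Host-side + board-side model of the session/meter views.
Port lists, message layout, local prefix and traffic are this example's
assumptions, not the talk's code (which only names the buckets)."""
import ipaddress
from collections import deque

BAUD = 9600
MSG_LEN = 32            # talk: 32-byte messages, no handshake
SLOTS = 8 * 8 * 2       # talk: 128 "lights" available in session view
OVERLOAD = 90           # talk: define OVERLOAD 90 (opens per second)
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")   # assumption

# Assumed port lists for the named meter rows; the talk names the buckets
# (web, DNS, remote, mail, file/enterprise) but not the exact ports.
BUCKETS = {
    "web":    {80, 443},
    "dns":    {53},
    "remote": {22, 23, 3389},
    "mail":   {25, 110, 143, 587, 993, 995},
    "file":   {21, 88, 139, 389, 445},   # incl. Kerberos/LDAP "enterprise" ports
}

def messages_per_second(baud=BAUD, msg_len=MSG_LEN):
    """Upper bound on fixed-size messages per second at 8N1 (10 bits per byte)."""
    return (baud // 10) // msg_len

def classify(dst_ip, dst_port):
    """Meter rows lit by one session: exactly one protocol/size row (under10k
    or over10k only when no named bucket matches) plus 'local' as an extra."""
    rows = set()
    for name, ports in BUCKETS.items():
        if dst_port in ports:
            rows.add(name)
            break
    else:
        rows.add("under10k" if dst_port < 10000 else "over10k")
    if ipaddress.ip_address(dst_ip) in LOCAL_NET:
        rows.add("local")
    return rows

def encode(kind, dst_ip, dst_port):
    """Pack an open ('O') or close ('C') command into one MSG_LEN-byte message.
    Layout is assumed: kind byte, 'ip:port' text, NUL padding (IPv4 only fits)."""
    body = f"{kind}{dst_ip}:{dst_port}".encode("ascii")
    if len(body) > MSG_LEN:
        raise ValueError("message exceeds MSG_LEN")
    return body.ljust(MSG_LEN, b"\0")

def decode(msg):
    body = msg.rstrip(b"\0").decode("ascii")
    ip, port = body[1:].rsplit(":", 1)
    return body[0], ip, int(port)

class Board:
    """Model of the Arduino side: a fixed array of (ip, port) entries so a
    close can find which light to clear, plus an opens-per-second counter
    that trips inferno mode once it exceeds OVERLOAD."""
    def __init__(self):
        self.slots = [None] * SLOTS
        self.recent = deque()      # timestamps of opens within the last second
        self.inferno = False
        self.dropped = 0           # opens that arrived with every slot in use

    def feed(self, msg, now):
        kind, ip, port = decode(msg)
        key = (ip, port)
        if kind == "O":
            self.recent.append(now)
            while self.recent and now - self.recent[0] >= 1.0:
                self.recent.popleft()
            if len(self.recent) > OVERLOAD:
                self.inferno = True
            if key in self.slots:          # already lit, nothing to do
                return
            try:
                self.slots[self.slots.index(None)] = key
            except ValueError:             # ceiling hit: light is lost silently
                self.dropped += 1
        elif kind == "C" and key in self.slots:
            self.slots[self.slots.index(key)] = None

    def lit(self):
        return sum(s is not None for s in self.slots)

def replay(events):
    """Push (t, kind, ip, port) events through encode -> board; return the
    board and the meter rows touched by each open."""
    board, rows = Board(), []
    for t, kind, ip, port in events:
        board.feed(encode(kind, ip, port), t)
        if kind == "O":
            rows.append(classify(ip, port))
    return board, rows

# Constructed traffic: a local DNS lookup, a site on two ports, then an
# nmap-style sweep of 200 ports on one host within half a second.
BROWSING = [(0.0, "O", "192.168.1.1", 53), (0.1, "C", "192.168.1.1", 53),
            (0.2, "O", "203.0.113.7", 80), (0.3, "O", "203.0.113.7", 443),
            (1.5, "C", "203.0.113.7", 80)]
PORTSCAN = [(10 + i / 400, "O", "203.0.113.9", p) for i, p in enumerate(range(1, 201))]

if __name__ == "__main__":
    b, rows = replay(BROWSING + PORTSCAN)
    print(messages_per_second(), b.lit(), b.dropped, b.inferno, rows[:3])
```

Two things fall out of running it. First, once the 128 entries are full, further opens are dropped with no visible change, which is exactly the blind spot inferno mode exists to cover; the scan trips the counter well before the array fills. Second, a close for a key the board never saw is ignored, so the host script can stay as dumb as the talk wants while the board remains the only side that knows where a session lives in the matrix.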
There is such a thing as an Ethernet shield. It would eliminate the whole USB thing, but honestly, I think it would probably be really, really poor performance, so I don't know about that. Maybe there's better host-side programs. Of course, the most important one was bigger LEDs, right? That would be the big feature add there. And there's some links. So, what do you think? Pretty cool, so that's about it.