Thursday 21 April 2016

Free Port Monitoring Service

One of my friends and I have built a service based on the recent posts of the blog on visualizing computer's port distribution and monitoring the usage. It is like the tools we already had here basically, but with a better UI, easier to use and some more information. I do not know why, but the service is named "Puffin"

Clear as crystal
One of the problems with installing a client that sends data to a server on the cloud is that you usually don't know what information it sends up. Same issue happens even when the software is not supposed to do anything with the Internet. What we have done in Puffin, is using simple shell scripts to send data to the Puffin's back-end service. So you can see the inside of the script with any text editor and make sure what information it sends to the server.

Dashboard page of the service

Who is this service for?
Everybody who is curious or wants to know what his/her computer does while connecting to a network or the Internet. Mostly computer students or geeks, network administrators, technical supports or those who does not trust to installed software and want to know what the installed software are doing with the Internet or network connection. If you are a computer, software, network, ... geek you don't need to read the rest of the post; test it here: http://sleptons.tools

Here is how it works
  • You send your port usage data based on what we talked about before in this blog via a simple shell script file.  
  • The script file uses the available "netstat" command in Mac OS, Linux, and Windows to retrieve the information.
  • The script only sends information of your established connections' remote port numbers. 
  • In the back-end, Puffin keeps track of the pattern of the port distribution for the maximum of 10 minutes. So it knows what ports you have used and how you have used them in last 10 minutes.
  • Whenever a new dataset comes, Puffin compares the new dataset with the pattern it has stored, or believes you are following it. 
  • The results of the comparison are some graphs, tables and texts showing used ports, port usage, anomaly index, and total information gain.

Easy to use, but not that much!
Running the script may not be easy for some people. So if you are interested in using the Puffin and having some problems with running the script; just contact us via the available form in the blog or the provided email address at the bottom of the "Help / Quick start" tab in the Puffin's home page, we assist you with that.

How to use it
We already have talked about the entire processes and the way Puffin works in this blog's posts, here is how you can use the service:
  • Go to the "http://sleptons.tools", which is going to be the place to offer some free services. However, since at the moment, there is only the Puffin available, it automatically redirects you to the Puffin's home.
  • Just give an email address and check the sign-up checkbox and send the form.
  • Puffin sends you an email containing your password and an application key.
  • The application key is just for your information; this is the key how Puffin recognizes your data.
  • To send the data, we have provided three different shell scripts for Mac OS, Linux, and Windows. You have access to these scripts when you sign in. They are available in "Help / Quick start" tab. The script you download contains the application key we talked about before. 
  • After downloading the script, if you are a Mac or Linux user you need to give the execution permission to the script via the command "chmod +x puffin.sh" before running the script.
  • If you are a Windows user you need to run the script in Power Shell, so you have to let the script get executed in the shell. Just type the following command which lets Power Shell runs the script in the current session: "Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass"
  • Make sure you have signed in and have a valid session then run the script. To execute the script you need to pass the number of samples you want to send to the back end service, so for 300 samples run the following command: "./puffin.sh 300 -v" or for Windows users "windows.puffin.ps1 300 -v". The "-v" option tells the script to show the information it sends to the server.
  • The script sends samples of your port usage every 2 seconds and after sending 5 samples, it starts comparing your usage with the expected patterns. 

A good handy tool
Puffin is a handy tool to see how your computer uses ports. For example, you are suspicious if some program secretly sends data to the internet, all you need to do is running the script and monitoring the graphs while you still have not launched the suspect application. Let the puffin learns the idle pattern of your computer, then run the application if it tries to use the Internet or network Puffin catches it.

You can use as a tool to debug your computer's network problems too. It shows you the total number of the TCP connections and this value always has a correlation with the network traffic usage. So you can find out the health status of your computer's network connection or your traffic volume with Puffin too. For example, if you always have some fix count of open ports, when you open or close applications, it can be the reason of something being wrong.

You can define some specific ports to get monitored by the Puffin. If you do, Puffin draws particular graphs for them, and you can separately see their behaviour. For example defining a port like "22" lets Puffin monitors the way your computer uses ssh to some remote points.

Security and privacy
As we discussed Puffin's client are text scripts so you can see what they do when they run them on your computer. The information it sends are general and doesn't contain any private data. The connection from your computer to the service is encrypted via a valid SSL certification.


Download:  TIME SERIES ANOMALY DETECTION

No comments:

Post a Comment