From f82b45a91ed4b57e55b5708570a979f0ff552a92 Mon Sep 17 00:00:00 2001 From: Sebastian Lenzlinger Date: Wed, 15 May 2024 18:17:20 +0200 Subject: [PATCH] Add journal entry for 25. May 2024. --- notes/journal/2024-05-15-wed.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 notes/journal/2024-05-15-wed.md diff --git a/notes/journal/2024-05-15-wed.md b/notes/journal/2024-05-15-wed.md new file mode 100644 index 0000000..39af607 --- /dev/null +++ b/notes/journal/2024-05-15-wed.md 
@@ -0,0 +1,14 @@ +# `IOTTB_HOME` +I introduced the environment variable `IOTTB_HOME` into the code. It is used to configure where the root of a iottb database is. #TODO this means that some code needs refactoring. But, I think it will streamline the code. The path in `IOTTB_HOME` shall be used to define the database root. Then, all the code handling adding devices and running captures can rely on the fact that a canonical home exists. Unfortunately I've hard coded quite a bit of ad-hoc configuration to use `Path.cwd()`, i.e. the current working directory, by default. So there will be some refactoring involved in switching over to using `IOTTB_HOME`s value as the default path. + +# Adding Functionality +## Quick and dirty capture +I want to have a mode which just takes a command and runs it directly with its arguments. +The question is weather to only allow a preconfigured list of commands or in principle allow any command to be passed and write the output. I tend toward providing a subcommand for each utility we want to support. The question is what to do about the syntax errors of those commands. Maybe the thing to do is only write a file into the db if the command runs successfully. +### Refactoring the tcpdump capture +With the above idea it would be possible to also refactor or rewrite how tcpdump is called completely. But, the command has a lot of options and maybe its better also offer some guidance to users via `-h`, e.g. to only input the needed and correct filters for example. Choosing the wrong filter could make the capture potentially useless and one might only see that after the capture has completed. +## Converting pcap to csv +I want an option such that one can automatically convert a captures resulting file into a csv. Probably will focus on tcpdump for now, since other tools like [[mitmproxy]] have different output files. + +## Defining Experiment +I want a pair of commands that 1. provide a guided cli interface to define an experiment and 2. 
to run that experiment -> Here [Collective Knowledge Framework](https://github.com/mlcommons/ck) might actually come in handy. The already have tooling for setting up and defining aspects of experiments so that they become reproducible. So maybe one part of the `iottb` as a tool would be to write the correct json files into the directory which contain the informatin on how the command was run. Caveat: All all option values are the same, basically only, if it was used or not (flagging options) or that it was used (e.g. an ip address was used in the filter but the specific value of the ip is of no use for reproducing). Also, Collective Minds tooling relies very common ML algos/framework and static data. So maybe this only comes into play after a capture has been done. So maybe a feature extraction tool (see [[further considerations#Usage paths/ Workflows]]) should create the data and built the database separately. \ No newline at end of file
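Review bot: the subject line says "Add journal entry for 25. May 2024" but the Date header, the new file path `notes/journal/2024-05-15-wed.md` and the hunk header `@@ -0,0 +1,14 @@` all belong to 15 May 2024; fix the subject to "15 May 2024" so the commit log matches the file it creates. The hunk also ends with `\ No newline at end of file`; add the trailing newline so the next append to this file produces a clean diff. Within the entry, a few typos will make later grepping of the journal harder: "a iottb database" (an), "weather to only allow" (whether), "a captures resulting file" (a capture's), "The already have tooling" (They), "informatin", "relies very common ML algos" (relies on), "built the database" (build), and the garbled "Caveat: All all option values are the same, basically only, if it was used or not" needs rewording before it is forgotten. The last paragraph first cites the Collective Knowledge Framework and then calls it "Collective Minds tooling"; use one name. Finally, the `IOTTB_HOME` section says `Path.cwd()` is the current hard-coded default but does not say what the tool should do when `IOTTB_HOME` is unset after the refactor (fall back to cwd, or refuse to run); recording that decision here, next to the #TODO, would save a second round of refactoring.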