Welcome to JeffreyGarcia.net

I love Programming


Hello Buddy! Welcome to my personal home page.
This is a place where you can find my story, study, business... and many many things about me.
So if you are really interested in me, check this out!

Announcements

At last, the wait for PC Locator 5 is over.

PC Locator 5


PC Locator 5.0 empowers us to scan faster, more accurately and more efficiently, and in a way more suitable for HSBC's global network, than with any other Network Scanner sold on the internet. It has retained all the fancy features of previous versions, with many newly developed scan engines to support the backend searching, plus a totally new visualization which enables us to carry out many amazing GUI functions.


Thanks To

Although I am the only developer of PC Locator 5, there are still a lot of people who have helped me out over these days. I have been fortunate enough to have had the support of so many people in DSS, and without them PC Locator 5 would not have been made. While most people did not help directly on it, every one of them contributed in some way towards helping me get where I am today, such as giving me many suggestions in the right direction, and so the spirit of our team is truly awesome, even in things like just going out for lunch.

For everyone listed here I am eternally grateful for their help -
Mr. Cheong Woo, Ms. Amanda Lam, Mr. Andrew Lee, Mr. Geoffrey Yiu, Mr. Ricky Kam, Mr. Castor Ma, Mr. Tony Ng, Ms. Jenny Wong, and of course, Mr. Andy Wong and Ms. Anna Kan


Background

As shown above, the slogan for PC Locator 5 is
"Locating PC in every way that a PC can be located."

It has long been my dream and expectation to develop software which possesses some intelligence to discover computers' information in a massive network environment.

With the explosive growth of corporate networks and the increasing presence of the internet, the need for comprehensive tools and solutions to manage networks for optimum performance and security has never been greater. As the System Administrator of ePO & Tivoli, DSS is responsible for providing better protection to every OA workstation during a virus outbreak/disaster; we therefore observed a rising need for a quick response to locate any PC which is:
  • infected by viruses/worms due to a lack of AV software or of the latest signature (which relies on the reporting from ePO)
  • without a certain security patch and thus exposed to a vulnerability (which relies on the reporting from Tivoli)

Such demand became more apparent when the Deborm/Blaster virus attacked HSBC in 2003, so in that early summer we started the development of PC Locator, and the first version was launched in August 2003, which shaped the initial design of the "HTTP Port Scan Engine". 2 months later, the "Multi-Threaded" version came, which enabled numerous scanning instances to proceed together. At that time we believed it was enough to defend our network, and so further enhancement of it was put aside. Such naive thoughts were soon broken by the Sasser virus, which completely exposed the weakness of PC Locator v2.0. I remember an urgent modification being carried out overnight; PC Locator v3.0 was then released the next morning with support for "Random IP Scanning". This lesson taught us that we should always keep working hard before it's too late. Thus the next enhancement, "Low-Level Scan" in PC Locator v4.0, followed immediately, and we even created the "Mail Robot" to accommodate the 7*24 requests from NCC for locating suspicious computers.

PC Locator



Introduction

PC Locator is a utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against a single host.

PC Locator uses the famous Webpage Crawling Technology (see http://www.google.com/bot.html or http://www.robotstxt.org for details) to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, and for MAC Address recognition. PC Locator is written in JAVA2 and therefore runs on most types of computers, and both console and graphical versions are available.
  • Flexible:
    Supports dozens of advanced techniques for mapping out machines with their owners and purpose.
    - Integrates the databases from the 3 famous Group Systems (Tivoli, ePO & QIP) for intensive searching of computer objects.
    - Includes many low-level port scanning mechanisms (both TCP & UDP) such as OS detection, version detection, ping sweeps and MAC Address recognition (see http://www.insecure.org for details).


  • Powerful:
    PC Locator has been used to scan huge networks of literally hundreds of thousands of machines; its quick scanning activity is supported by many multi-threaded algorithms.


  • Portable:
    Most operating systems are supported, including Linux, Microsoft Windows, AIX, Solaris, MAC OS X, common Unix, and more wherever JAVA is supported.


  • Ease of use:
    Although PC Locator offers a rich set of advanced features for power users, general users (such as Local LAN Admin or Helpdesk) can also carry out functions via the Graphical User Interface available to suit their preferences.


  • Free:
    The primary goals of the PC Locator Project are to help make the Global HSBC network a little more secure and to provide administrators/auditors/developers with an advanced tool for exploring the networks. Since PC Locator is an in-house developed product, it is free to use and also comes with full source code that other developers may modify and redistribute for localized usage.


  • Well Documented:
    Significant effort has been put into documenting both the code and the JAVADOC API.

Software Architecture

We used JAVA in writing PC Locator 5 in order to implement an application which is capable of:
  • Scan HTTP ports 9495 and 8081 to determine the existence, validity and information of Tivoli/ePO on the target hosts.
    - by the java.net library


  • Retrieve data via complex queries from various brands of DBMS such as DB2, SQL Server, Sybase and Oracle, etc.
    - by JDBC of the java.sql library


  • Possess an efficient running time even for large input sizes, either by means of a well designed algorithm or multi-threaded technology.
    - by the Threading class in java.lang library


  • Support object-oriented data flow and object-oriented storage for complex data types.
    - by various container classes in the java.util library


  • Produce a powerful Graphic User Interface to support quick and easy usage.
    - by the javax.swing library


  • Perform intensive mathematical computation over large amounts of data to generate statistics.
    - by the Math class in java.util library


  • Execute Operating System dependent commands.
    - by the Runtime class in java.lang library


  • Portable to various operating systems and easy to deploy over internet/intranet.
    - by the java web deploy technology


  • Open Application Programming Interface (API) to achieve easy integration with other applications.
    - by the javadoc utility

Design Overview

The most important goal in the design of this software architecture is performance. Due to the limitations of CPU & memory in desktop computers, especially when a large number of thread-processes are resident in memory, it is important that as much as possible be extracted out of the resources available.

PC Locator Design Overview

The first main concept we used in the software architecture is that of data flow. The figure above depicts this data flow from an overall perspective, with data retrieved from remote hosts, processed by specific application code in the background, and then returned to the frontend interface. The data flow model is supported by the use of objects to perform specific actions such as processing tracker data, combining results, and rendering GUI graphics or data spreadsheets. Objects allow problems to be broken down into simple tasks to simplify software development. Objects are grouped together into various containers, such as Linked List, Vector or Array, depending on the actual situation. These objects can be further distributed across multiple processes or computers in units named execution containers, with the data flow occurring over a network when required.

The JAVA language and its compilers are used for all development, supporting both low-level code and high-level features such as object-oriented programming. The renderer that forms a core component of most applications is implemented using JAVA Swing and provides satisfactory graphics performance when the system has a large amount of physical memory (P4 2.4 GHz + 512 MB RAM). The software has been used on a number of small and relatively slow computers (Celeron C733 MHz + 256 MB RAM) and is capable of running adequately in most cases, the exception being the invocation of too many thread-processes.


Object Design

This section describes the overall design of the classes in the software architecture, which can be divided into four categories: those for representing data values (data), those for processing input data values and then producing some kind of output values (processing), those for implementing core features that other classes can inherit or use (core), and helper code that implements interfaces to streamline development (helper). Each class can also be classified into one of the categories depicted in the Figure below. Applications require classes from both high and low levels to be instantiated as objects and connected together. Each class can contain nested sub-objects of other class types or primitive JAVA values such as double, float, integer, boolean, etc.



Threading

In most cases, operations in PC Locator do not require the use of multiple threads to process data flows. Data flow calculations tend to be very sequential, and most libraries implement thread safety using timeouts, forcing most operations to run exclusively. Since the final data display depends on all calculations being completed, it must be performed last and so cannot be run in parallel. While some calculations may be parallelised, the benefit is a significant decrease in running time at the cost of more resources consumed. While many scans/calculations complete quickly, others such as data retrieval from a DBMS require longer periods of time, since they depend on the performance of the target DBMS (for Tivoli, it is a mainframe computer; for ePO it is just a common Intel server computer).
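
The agent-port check listed under Software Architecture (ports 9495 and 8081 via java.net) combined with the bounded threading discussed in this section, as an added example that is not PC Locator's own code: it checks an inventory of hosts for a listening agent port on a fixed-size thread pool with a connect timeout. The class and method names are hypothetical, and the demo probes a loopback listener constructed for the example.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.*;
import java.util.concurrent.*;

public class AgentPortCheck {
    // Ports named on the page; which product owns which port is an assumption, so none is stated.
    static final int[] AGENT_PORTS = {9495, 8081};

    // True if a TCP connection completes within timeoutMs; refused or timed out counts as absent.
    static boolean listening(String host, int port, int timeoutMs) {
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress(host, port), timeoutMs);
            return true;
        } catch (IOException e) {
            return false;
        }
    }
    // Checks every host on a fixed-size pool so a slow desktop is not flooded with threads.
    static Map<String, List<Integer>> survey(List<String> hosts, int[] ports, int threads, int timeoutMs)
            throws InterruptedException, ExecutionException {
        ExecutorService pool = Executors.newFixedThreadPool(threads);
        try {
            Map<String, Future<List<Integer>>> pending = new LinkedHashMap<>();
            for (String h : hosts) {
                pending.put(h, pool.submit(() -> {
                    List<Integer> open = new ArrayList<>();
                    for (int p : ports) if (listening(h, p, timeoutMs)) open.add(p);
                    return open;
                }));
            }
            Map<String, List<Integer>> result = new LinkedHashMap<>();
            for (Map.Entry<String, Future<List<Integer>>> e : pending.entrySet())
                result.put(e.getKey(), e.getValue().get()); // display step waits for all checks
            return result;
        } finally {
            pool.shutdown();
        }
    }
    public static void main(String[] args) throws Exception {
        // Constructed offline demo: a loopback listener stands in for one agent port.
        try (ServerSocket fakeAgent = new ServerSocket(0)) {
            int[] ports = {fakeAgent.getLocalPort(), 1}; // port 1 is expected to be closed
            System.out.println(survey(List.of("127.0.0.1"), ports, 4, 500));
        }
        // Inventory use: survey(hosts, AGENT_PORTS, 32, 1000); an empty list means no agent answered.
    }
}
```

The pool size caps concurrent sockets regardless of inventory size, and the connect timeout bounds the time spent on each unreachable host.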


Summary

So this document is the product specification of PC Locator, explaining the advantages of PC Locator and its uniform approach to discovering remote host information in complex network environments, especially those with many mixed platforms & equipment. The architecture uses a data flow methodology with an object-oriented design to allow applications to be implemented by connecting processing objects together. Using this software architecture, powerful features such as distributed object programming are made possible. The design is completely based on the JAVA language, and although the language has a number of limitations (exhaustive resource consumption due to the implementation of automatic garbage collection), those top designers in Sun Microsystems are developing lots of strategies to overcome such problems (e.g. JDK v1.5).

The use of JAVA allows creation of powerful applications that operate on a wide range of mobile computers. In future, we'll continue to seek improvements to PC Locator as part of our mission to protect the thousands of computers in HSBC.

Unlike previous versions, PC Locator 5 is no longer a web-based application; due to some security limitations of modern web browsers, it must be run on the local machine.




PC Locator Screendump
PC Locator - Various Scanning/Searching Results


PC Locator Screendump
PC Locator - Reports view of Hitrate Analysis

