Chapter 518: Bad Guy, I'll Ask You a Question
The network data sample given by Rubin is stored as text, and from the system's perspective, data saved in plain text will not be executed by the operating system. So although Xiao Yuan took some protective measures, they were meant to guard against other viruses that Rubin's floppy disk might be carrying; as for the text of the network data itself, there was not much to worry about.
This text occupies almost a full floppy disk, as much as 1.2 Mbytes. Xiao Yuan opened it with a text editor that can convert between various number bases (decimal, binary, octal, hexadecimal). Because the file is very long, printing it out would probably take as many as one or two hundred pages, and it is impossible to analyze it directly without the help of special tools, so he just paged through the first few pages to understand the general shape of the file, and then closed it.
Looking at the Windows desktop in front of him, Xiao Yuan felt constrained, because for a long time the computer systems he had worked with were all non-Windows. At home, for example, he usually used the ThinkPad600, which ran the Feonix system, and in the school laboratory he used FreeBSD. The kernels of these two systems are different, but because their external interfaces are developed in accordance with the POSIX standard, and the shell he uses on both is one he customized on top of bash, it is hard to feel any difference as long as the work does not touch the underlying system.
But Windows is different: the way of operating it and the tools are completely different. Most importantly, after the Compaq notebook in front of him was taken back from Kamara, it was only used occasionally by Xia Jiuying when he was surfing the Internet. Xiao Yuan had not installed many tools on it, nor had he installed a programming environment.
Now, analyzing this network data requires a large number of tools, and some special tools may even need to be written as the situation demands. None of these are available on the Compaq notebook, which is the fundamental reason Xiao Yuan felt constrained.
Therefore, he decided to move the work to the ThinkPad600. As for the Windows environment the worm needs in order to run, on the ThinkPad600 he can use a piece of software to set up a Win32 API virtual environment on the Feonix system and let the worm run inside it. If the virtual environment still cannot meet the requirements, he can also bring out a heavy weapon like a virtual machine. But given the hardware limits of the ThinkPad, he does not intend to use a virtual machine, which consumes a lot of computing resources, unless it is absolutely necessary. If he really needs one, he will wait until tomorrow when he returns to the school lab, where his computer is a FreeBSD workstation on which running a virtual machine will be easy.
However, before beginning the formal analysis, Xiao Yuan decided to take a look at what the worm embedded in this network data looks like and how it actually behaves.
In order to release the worm, Xiao Yuan needs to make some preparations first. To begin with, he has to prepare a virtual environment.
The first function of this virtual environment is to act as an isolation layer: the worm runs inside it, which prevents damage to the real computer system. Second, the virtual environment also serves as a kind of monitor: the worm's every move inside it is recorded and is easy to observe. Third, the virtual system can, as needed, open the appropriate network ports or leave specific system vulnerabilities in place, in order to observe how the worm reacts to them.
Xiao Yuan has already collected the software needed to build a virtual environment. It is stored in his private space in the Xuanne community, and he only needs to download it from there.
Although the virtual environment is not a real virtual machine, it also consumes a lot of resources. Xiao Yuan clearly felt the system slow down after configuring it, but it was still within a tolerable range and did not affect his work.
After setting up the virtual environment, Xiao Yuan used a tool to convert the network data samples, which Rubin had converted into text files in advance, back into binary form. He then imported them into another tool, which simulates a network host on Xiao Yuan's current computer and uses the simulated host to send network data to the virtual environment, achieving exactly the same effect as actually receiving data packets from the network.
Before sending the network data to the virtual environment, Xiao Yuan first imported the data into another piece of network data sorting software, which conducts a preliminary analysis of the network data flow, determines the network protocols used by the data flow, and compiles some other statistics for Xiao Yuan to observe and analyze.
After the analysis results came out, Xiao Yuan took a first look. The first thing that can be determined is that Rubin intercepted this data at the network layer of the TCP/IP network stack. Second, the data is composed of many network layer protocol packets with normal functions. TCP packets make up the majority, and there are also a small number of ICMP packets interspersed among the TCP/IP packets at random positions. The packets of these two protocols account for 97% of the entire data flow. In addition, there are other network layer protocol packets, such as the data broadcasting protocol IGMP and so on.
To check whether there is a problem with the data carried in the packets, all of these packets need to be unpacked, and the lower data streams then decomposed for further analysis.
Xiao Yuan plans to save the further unpacking and analysis for tomorrow, when he is in the lab. For now he just wants to understand the basic situation of this data flow, and then send the packets to the virtual environment through the software to see what the network worm will do there.
After the data was sent, Xiao Yuan saw in the monitoring window of the virtual environment that the packets were being accepted by the virtual environment and unpacked, and that it then began to discard them because it could not find a program to receive them......
"Wow, what is this place?"
And just when less than one-third of the data packets had been received by the virtual environment, a dialog box suddenly popped up in it. This surprised Xiao Yuan, because he knew that the appearance of this dialog box meant the worm virus had entered the virtual environment, yet he had not noticed at all how the virus got in. Everything was so sudden, and the words in the dialog box deserved his attention even more.
"Has this virus discovered that the environment in which it is located is not a normal system environment, and how did it find out?" Xiao Yuan carefully pondered the words in the dialog box.
"It's not normal here, why is it so empty, and there is surveillance everywhere, no, I don't like it, I want to leave."
Just as Xiao Yuan was puzzling over the words in the first dialog box, it closed by itself, and then a second dialog box popped up. The words in it surprised Xiao Yuan again and also confirmed his speculation just now: the worm had recognized so quickly that the environment it was in was abnormal, and it had also expressed its intention to leave.
At this time, information was scrolling quickly through the monitoring window of the virtual environment, showing that a process inside the virtual environment was scanning it, and that the name of this process was imthin.
"Imthin, what does that mean?" Xiao Yuan felt that the name was very strange.
And at this moment, the computer suddenly made a ticking alarm sound, interrupting Xiao Yuan's train of thought.
"Haha, it's finally out, and you want to lock me up in a small house, it's so damnable, villain!"
"Damn, this guy actually ran out!" Xiao Yuan no longer cared about the childish words in the dialog box at this point; he was more concerned about how this worm had escaped from the virtual environment.
Xiao Yuan closed the dialog box on the screen and rattled away at the keyboard, sending a series of commands through the monitoring window of the virtual environment. He wanted to examine the detailed logs of the monitoring program to see how the worm had escaped. But just after he sent the commands, while he was waiting for the detailed logs to come out, a dialog box popped up on the computer screen, and the words in it left him stunned as if he had been struck by lightning, and tears quickly blurred his vision.
"Hey, badass, let me ask you, am I fat?"