Engineer from Télécom Paris
Ph.D Thesis from UPMC

Network & Security IT - Le RSI
Check news about my company



My Own Private Opinion, Maybe Yours ?

Welcome to this personal home site, that could be named This site is intended to share my personal productions: ideas, opinions, free software, photographs, art work, experiments... Do not hesitate to contact me if you want to react, do business with me, or add comments to this information and make this site grow. Be sure I will include your own opinion in the content.
Alexandre Fenyo

Direct Access:

GNetWatch: open-source Java network analyzer:


Commodore 64 revival:

After having started programming on a PET CBM 4032 in the late seventies, I bought a Sinclair ZX-81 in 1980 and finally sold it in 1982 to buy this wonderful Commodore 64. I'm still using it regularly more than 25 years later. It is now connected to our new Samsung 40-inch HD-Ready flat TV: click here to read the full story...

Google Groups Never Forgets...

Thanks to Google Groups, I have recently recovered the evidence of my very first contact with the Internet, a very long time ago - it was posted on USENET, across a 64 Kbit/s Leased Line (a MUST HAVE during this past Age). Yes, the question was stupid (see verbatim below), but it was asked more than 14 years ago! Of course, nobody answered. May someone please post a follow-up today? :-)
Date: Fri 10 jan 1992 15:51 - From: - ...

...and Neither Does Google Images


Thanks to Google Images, find enclosed on the left, the first computer I started to build programs on. On this PET CBM 4032, with its MOS-6502 clocked at 1 MHz, its 16 Kbytes RAM and the very efficient semi-graphics monochrome display, I implemented little games and prime number computation, using the simple BASIC interpreter embedded in ROM. It was in 1979...

VPN-over-DNS, available on Google Play

My first Android application, VPN-over-DNS, is software shipped with an account to connect to my VPN server farm. In a few words, it lets my users tunnel data through a DNS server. Data exfiltration, for those times when everything else is blocked. DNS tunneling is simply encapsulating data over DNS queries and answers, to let two parties communicate across a network of DNS resolvers and servers. VPN-over-DNS is DNS tunneling, but it is not IP over DNS tunneling. It carries application data (mail content or web pages) directly on top of DNS queries and answers. Far fewer layers. Moreover, data is GZIP-compressed before going to the network. Also, data is parsed and filtered to remove non-informational content: MIME attachments and HTML MIME parts inside mails, images, JavaScript, Cascading Style Sheets and cookies on web pages are all deleted just before data is sent on the network. This way, the usable bandwidth is increased a lot.

To perform this direct encapsulation of application data on top of DNS queries, I have had to develop and integrate an optimized native browser and an optimized simple Mail User Agent in my VPN-over-DNS application. This was the hard thing to do, because on the contrary, implementing IP over DNS wouldn't have needed me to implement any user agent. To get bandwidth and create an application that you can simply configure and use even if you are not a geek or a network engineer, I needed to re-implement user agents. That was the challenge.
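Seen from the network side, data carried in DNS queries shows up as many distinct, long, high-entropy subdomains under one parent domain. The following is an added example (not code from VPN-over-DNS or from this site) that scores a resolver query log for that pattern; the thresholds, the "last two labels" parent-domain rule and all query names are assumptions constructed for the illustration, and the tunnel-like labels are base32-encoded hashes standing in for compressed payload.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict

# Assumed thresholds; tune them against your own resolver logs.
MIN_UNIQUE = 10      # distinct subdomains seen under one parent domain
MIN_MEAN_LEN = 30    # mean subdomain length in characters
MIN_ENTROPY = 4.0    # Shannon entropy, bits per character


def shannon_entropy(text):
    """Empirical Shannon entropy of a string, in bits per character."""
    if not text:
        return 0.0
    total = len(text)
    return -sum(c / total * math.log2(c / total) for c in Counter(text).values())


def split_name(qname):
    """Return (subdomain, parent). Parent = last two labels, a simplification:
    production code should use the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def score_domains(qnames):
    """Per parent domain: unique subdomain count, mean length, entropy."""
    subs = defaultdict(set)
    for qname in qnames:
        sub, parent = split_name(qname)
        if sub:
            subs[parent].add(sub)
    report = {}
    for parent, names in subs.items():
        joined = "".join(n.replace(".", "") for n in names)
        report[parent] = {
            "unique": len(names),
            "mean_len": sum(len(n) for n in names) / len(names),
            "entropy": shannon_entropy(joined),
        }
    return report


def suspected_tunnels(qnames):
    """Parent domains that exceed all three thresholds at once."""
    return sorted(
        parent for parent, s in score_domains(qnames).items()
        if s["unique"] >= MIN_UNIQUE
        and s["mean_len"] >= MIN_MEAN_LEN
        and s["entropy"] >= MIN_ENTROPY
    )


def constructed_sample():
    """Constructed query log: ordinary names, a busy CDN, one long host name,
    and tunnel-like names whose labels look like encoded binary data."""
    benign = [f"{h}.example.com" for h in ("www", "mail", "api", "static", "www")]
    cdn = [f"img{i}.cdn.example.net" for i in range(1, 21)]
    long_one = ["a-very-long-but-single-internal-hostname-label.example.org"]
    tunnel = []
    for i in range(20):
        digest = hashlib.sha256(bytes([i])).digest()
        label = base64.b32encode(digest).decode().rstrip("=").lower()
        tunnel.append(f"{label}.tunnel.test")
    return benign + cdn + long_one + tunnel


if __name__ == "__main__":
    for parent, stats in sorted(score_domains(constructed_sample()).items()):
        print(parent, stats)
    print("suspected:", suspected_tunnels(constructed_sample()))
```

The busy CDN and the single long host name are not flagged because they each miss one of the three conditions, which is why the conditions are combined.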

Hacking an infrared key transmitter:

I often have difficulty opening our parking door at home, because of the infrared key transmitter that doesn't seem to work correctly. This transmitter, built by Valeo, is based on a Philips OM1058T chip. The system doesn't work well because the 24-bit secret key is transmitted only 3 times when you press the switch. To improve the system, I needed to build a similar electronic module, but sending the key continuously. First, I hacked the secret key with a photo-transistor and my Tektronix oscilloscope. Then I made a clone based on a general-purpose microcontroller and a common consumer infrared LED. I designed a basic board that integrates a PIC16F877 micro-controller from Microchip, an asynchronous serial interface and an I/O extension port. I uploaded the physical design files to a PCB manufacturer in China, bought the electronic parts from a local reseller and soldered the whole thing in the kitchen. Here is the result:

Universal infrared remote control

Here is my universal infrared receiver/transmitter I made to manage my TV and other multimedia devices from my DECT phone.
This is the first version: a USB-driven module.

This is the second version: I have integrated a wireless XBee module to connect my infrared module to my Asterisk PABX, and manage the IR commands from my DECT phones.

This is the third version: I have added a web interface. The "TNT", "Apple TV" and "DVD" buttons automatically launch advanced scripts that can switch on/off the ADSL TV box, the Apple TV, or the DVD reader, adjust the volume of the Hi-Fi stereo amplifier, set the desired SCART or HDMI TV input, etc. The "Loop" and "Stop" buttons are used to loop on a set of TV channels (5 secs each), the "Volume" button is used to set the volume of the stereo amplifier and the channel names are used to change the current channel on the ADSL TV box.

Electric Window Shutter

Here is my wireless to wireless interface for handling our Bubendorff electric window shutters: this is a transcoder between XBee / 802.15.4 low power wireless transmission protocol and the proprietary Bubendorff wireless automation protocol. For now, our window shutters are automatically opened and closed by means of a crontab that computes times for sunrise and sunset.

The prototype works well, so I made a production release and uploaded the physical design files to a PCB manufacturer in China: I should receive it in 3 weeks. Here is the design:

The production version is here:

Production version 2: internal buzzer included (to be installed in my bedroom => low-cost alarm clock based on a crontab !)

Playing with magnetic fields:

Basic demonstration board for the TLE4905L unipolar magnetic field sensor: using a magnet to switch a LED on/off. The LED is driven by a 2N2369A PNP transistor.

Playing with magnetic fields: (part 2)

As explained previously on this page, I can use my DECT phone or a web interface to make my computer run global scripts that switch my TV on/off, set the desired channel, adjust the volume of my Hi-Fi stereo amplifier, etc. To make this work, the scripts that run on my server need to know the power state of my TV: if the TV is already switched on, the script must not send an IR code to switch the TV on, because it would on the contrary switch it off. So, I designed this analog module that probes the magnetic field generated by the electric alternating current my TV gets from its power outlet on the wall. The signal is driven to a digital I/O on the GPIO interface of my Raspberry PI, then it is sent to the server through a Wi-Fi connection.

Important note 1: the 990Ω resistor may be adjusted to set the correct current detection level (at home, I've adjusted the resistor to 800Ω and the whole module consumption is about 1 Watt and a half)
Important note 2: in order to get rid of high frequency interference that can make the system erroneously indicate that your TV is switched on (even if you have only connected either the 220VAC source power cable or the TV power outlet to the module), you MUST connect the ground of this module to the earth, connect the earth of the TV to the earth of the power outlet and adjust the value of the (not polarized) capacitor that is parallel connected to the output coil of the transformer. At home I use a 470nF X7R capacitor and it should filter frequencies above 6 kHz. With a 10μF capacitor, it should filter frequencies above 300 Hz.

Here are the statistics collected during the first week: 20h41m watching TV.

Electrical characteristics of a green led

Since I often use this type of small LEDs on my boards, I wanted to know the exact electrical characteristics. So, I connected my function generator (Centrad GF 265) and my multimeter (APPA 106) by means of serial ports to a PC and I made an automatic electrical characteristics analyzer, with simple shell scripts.

Touching my watch screen to switch on my TV

1- the SW2 signals the press on the screen over Bluetooth to my Galaxy S2 phone
2- my Galaxy S2 relays the request over HTTP on Wi-Fi to the Apache web server of, which runs in a SuSE Linux virtual machine
3- the Apache server launches a CGI script that connects over Wi-Fi to a Wi-Fi range extender wired to a Raspberry PI behind the TV; this Raspberry is connected through a GPIO port to a coil that the TV's power cord passes through, to check that the TV is not already on (if the TV is powered, it draws current, so an induced current flows through the coil and the Raspberry's digital input goes high)
4- if the TV is not already on, the CGI script then connects to a J2EE server (hosted on a Windows server) on which a J2EE application is deployed that can communicate in API mode with an XBee to relay information to all the XBees in the apartment
5- the J2EE server, which can communicate in API mode with an XBee, then opens a TCP connection to a physical RedHat Linux server running a small process that redirects this TCP connection to a USB port, this port being connected to a USB/serial interface module attached to a coordinator XBee in API mode, which can exchange traffic with all the home automation XBees in the apartment
6- this coordinator relays the remote control code sent by the J2EE server to a standalone module installed next to the sofa facing the TV, made of an XBee endpoint connected to a microcontroller through an asynchronous serial link
7- the microcontroller sends the remote control code on an I/O output connected to a transistor that drives an infrared LED
8- the TV switches on
The movie:

Brute-force attack to pair with Le Cube set-top box from Canal+ and automation scripts

In this package, I have written some simple UPnP scripts that you may use for automation of your Canal+ set-top box. It also contains a brute-force tool that can pair with the box without knowing the 4-digit secret. It is only available for Unix/Linux/Cygwin environments (it relies on Perl and Zsh).

Online Manual

My Android bug report to Google has been accepted and a patch has been applied

During summer 2012, I encountered a bug on Android ICS with my Galaxy S2 mobile phone: connecting to a TLS-secured multi-homed web server using SNI (RFC 3546) was impossible when my Galaxy was using a proxy through a Wi-Fi network. The bug has been confirmed by Google and Android has been patched. This is important because the SNI option is the only secure way to let multiple secured servers share the same IPv4 address (other ways like certificates with multiple alternative subject names have security issues since a common certificate is shared among different servers that are possibly not owned by the same company).
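SNI travels as the server_name extension of the TLS ClientHello, so one way to check whether a given client stack really sends it is to parse the first record the client emits. The following is an added example (not code from this page, from Android or from the bug report); it produces a ClientHello in memory with Python's ssl module and the host name shop.example.test is a constructed value.

```python
import ssl
import struct


def client_hello_bytes(hostname):
    """Return the first TLS record a Python client would send, without any
    network I/O. hostname=None asks the TLS stack to omit SNI."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if hostname is None:
        ctx.check_hostname = False  # required when no server name is given
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the ClientHello is written, no server reply exists
    return outgoing.read()


def extract_sni(record):
    """Return the host name from the server_name extension of a ClientHello
    record, or None when the extension is absent."""
    try:
        if record[0] != 0x16:                      # record type: handshake
            raise ValueError("not a TLS handshake record")
        rec_len = struct.unpack("!H", record[3:5])[0]
        body = record[5:5 + rec_len]
        if body[0] != 0x01:                        # handshake type: ClientHello
            raise ValueError("not a ClientHello")
        hello = body[4:4 + int.from_bytes(body[1:4], "big")]
        pos = 2 + 32                               # client_version + random
        pos += 1 + hello[pos]                      # session_id
        pos += 2 + int.from_bytes(hello[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + hello[pos]                      # compression_methods
        if pos + 2 > len(hello):
            return None                            # no extensions block at all
        ext_end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= ext_end:
            ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
            pos += 4
            if ext_type == 0:                      # server_name extension
                data = hello[pos:pos + ext_len]
                entry = 2                          # skip server_name_list length
                while entry + 3 <= len(data):
                    name_type = data[entry]
                    name_len = int.from_bytes(data[entry + 1:entry + 3], "big")
                    name = data[entry + 3:entry + 3 + name_len]
                    if name_type == 0:             # host_name
                        return name.decode("ascii")
                    entry += 3 + name_len
            pos += ext_len
        return None
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None


if __name__ == "__main__":
    print(extract_sni(client_hello_bytes("shop.example.test")))
    print(extract_sni(client_hello_bytes(None)))
```

The host name is read without any key material, which also shows that SNI is sent in cleartext in the ClientHello.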

Adding light bulb control to my home automation system

Now that I can control many devices at home, by means of many other devices, I've recently added some useful new devices: light bulbs from Philips. This story began at Christmas: I was given a HUE pack made by Philips containing 3 bulbs and a network bridge between a wired Ethernet network and a ZigBee pervasive network made of bulbs. As you can see on the back of the bridge, as Philips has written, it's a Zigbee IP Bridge.

I already had 4 wireless networks at home, with center frequency specifically chosen to have very good channel rejections between them :
- the Wi-Fi 802.11g ESSID "ivrynet", that covers the 2nd floor and managed by my Internet box (FreeBox), with a spectral density centered at 2.422 MHz
- the Wi-Fi 802.11g ESSID "ivrynet extended", extending the wireless network to the 1st floor and managed by a Wi-Fi to Wi-Fi repeater, so the spectral density is the same as for ivrynet (consumer grade Wi-Fi repeaters include only one radio module).
- the Wi-Fi 802.11g ESSID "ivrynet extended 2", dedicated to real-time audio and video streaming (Apple AirPlay protocol, from our laptops to our Apple TV set top box), bridged with my Internet box by means of a couple of PLC modules, letting me use another channel than the one used by the two other ESSID, with a spectral density centered at 2.462 MHz. Using this frequency avoids collisions between streaming flows and Internet browsing.
- an 802.15.4 network, based on DSSS with BPSK modulation as a physical layer, made of XBee Pro modules (one coordinator and several endpoints), to automatically manage our window shutters and other multimedia devices. I had chosen a center frequency at 2.440 MHz, specifically to avoid interference with my other Wi-Fi networks.

The problem with my new light bulbs network is that it is based on the ZigBee network layer, itself based on the 802.15.4 data link layer. And Philips has chosen the same physical layer as the one used by my XBee Pro: DSSS with BPSK modulation in the 2.4 MHz band. With the Philips Hue system, there is no means to choose the center frequency. As you can see on the following spectrum analysis of my electromagnetic environment, my Wi-Fi and 802.15.4 electromagnetic fields cannot interfere, but the Hue network is desperately set inside my Internet Box band:

I tried many times to shut down and restart the Philips Hue Zigbee IP bridge, but it desperately chooses the 2.425 MHz center frequency. Luckily, it does not interfere with my dedicated streaming ESSID (ivrynet extended 2), but it should do an energy scan before selecting an available channel, and its choice is awesome.

For those interested to know the channel used by their HUE system, here is the way I did it. I used an XBee Pro module and made an active scan. Then I discovered my 802.15.4 network, so the other is the HUE one.

To confirm that the channels were the right ones, I made a script to send many status requests to the bulbs by means of the HUE RESTful/JSON API and here are the results of an energy scan during this experiment. As you can see, there is some energy only on the previously identified channels.

My light bulbs are now integrated in the whole home automation system. As you can see on the following picture, I can switch lights on/off by means of my watch:

The bulbs can also be switched on/off by means of the DECT phones (call 8 to switch them on/off) or by means of the Web interface:

Finally, as you can see on this picture, here are my two 802.15.4 bridges: the XBee Pro module (USB/802.15.4 bridge) and the HUE module (Ethernet/ZigBee bridge).

Magnifying a pad from a small SSOP28 package

To test my new digital microscope, a DigiMicro Lab5.0 from DNT, I took a picture of a FT232RL USB to UART converter, based on a SSOP28 CMS package. As you can see, a pixel width is about 2.5 µm.

Comparing pixel shape and density

Here are two side-by-side pictures of my Samsung Galaxy S2 and my Apple iPad2, taken from my digital microscope (DigiMicro Lab5.0 from DNT). As you can see, a pixel width is about 192 µm on the iPad2 and only 116 µm on the S2. The shapes are also quite different.

GNetWatch is mentioned in a book !

The fifth Edition of A Guide to Customer User Support, for Help Desk and Support Specialists references my GPL-licensed Network Monitoring Software GNetWatch as an alternative to OpenNMS. Thanks to the author of the book !

Redesign of a 60A latching relay command part

At the beginning of this new century, I designed a box connected to a modem, that allowed me to remotely switch on/off a whole data center, driving a dual-coil 60A latching relay, with part name HFE9 (JE9) 12-HS. The whole story is available here. The box had been working during about 2 years driving a 5 kVA UPS, 8 more years driving a light bulb, and finally failed. So I recently tried to repair it. It eventually appeared that the relay was broken. The original version of my box was poorly designed: no rectifier to protect against high voltage due to the coils at switch time (I've just measured about 200V with my oscilloscope), power loss due to the use of opto-couplers to drive the coils, overloaded transistors driving the opto-couplers... So I've just made a new design of the command part, that is far better (the 2 inputs are driven by a micro-controller). Note that the difficulty is linked to the facts that the two coils have the same negative terminal and that the working voltage is higher than what a microcontroller can directly drive.

Improving network performance

Here are some tips to configure a Realtek 8168B gigabit Ethernet controller and multiply performance by about 10.
- 67 Mbit/s with the default driver parameters (under Windows)
- 220 Mbit/s setting "interrupt moderation" to "false" (default value is "true")
- 650 Mbit/s changing the MTU from 1500 to 9000.

Home Networking

Home networking can nowadays be rather complicated, due to the several types of networks you can find at home. Here is my home network layer 2 map, including:
- FastEthernet and GigaEthernet wired links
- POTS internal (connecting my IPBX to my DECT base station) and external (connecting my ADSL box to my ISP) links
- a wireless DECT network
- many Wi-Fi networks (one for guests, two for home computing and one dedicated to multimedia streaming), including remote sensors (e.g. a power sensor detecting activity from my TV, for home automation, based on a Raspberry PI)
- some PLC modules, bridging access to the dedicated multimedia-streaming access-point
- a ZigBee PAN (personal area network) managing a network of light bulbs
- a 802.15.4 PAN managing a network of remote controllers (window shutters, infrared remote command of multi-media devices)


My own version of the 2048 game: I patched an HTML+JavaScript version initially written by Gabriele Cirulli, and changed the tiles to hexadecimal numbers, in order to get the first version of 0x800, especially for gamers that understood the advantages of hexadecimal notation ! Have fun !

Wideband spectral analyzer

I often deal with high frequency electromagnetic fields. To make my wireless systems work correctly, I'm using a wideband spectrum analyzer (15 MHz to 2.7 GHz). On the left, two measurements in the DCS range that I've taken at two locations in the same building. This building is near a DCS antenna; the field intensity at the first location is about 30 times the one at the other location.

On the following picture, you can see the electromagnetic environment at home:

Analyzing mobile UMTS coverage

Wideband spectral analyzer (part 2)

My microwave oven is at about 2458 MHz.

QoS on downstream Internet IS POSSIBLE

You will often hear people saying it is not possible to shape traffic coming from a remote router that does not have QoS rules. This is especially the case with Internet box DSL or fiber connections.
But you will also hear people talking about advanced QoS appliances like ipanema, that can do that with virtual probes.
Moreover and on the contrary, some other people will say that with a Linux box used as a router, you will be able to manage traffic shaping the way you want, much more efficiently than with a mid- or high-class managed switch or router.

In my opinion, I cannot imagine using a Linux box as a switch or router to switch packets (a Linux box can be used for hosting a routing protocol daemon, of course, but not to handle switching or routing packets of several interfaces at speeds like 1 Gbit/s). Also, a router must be specialized to do its best to route packets, and nothing else, in order to have very low latency.

Anyway, I show here how to implement downstream QoS with a Cisco Small Business switch using:
- a RMON probe implemented in the switch
- an aggregate policer
- multiple egress queues
- traffic shaping
- DiffServ marking
- a SYSLOG server (Linux box) running a daemon receiving RMON events, collecting aggregate policer statistics and modifying the traffic shaping configuration depending on the network behaviour

This works correctly at home to manage video traffic to my set-top-box(es), for months.

Comparing terrain profiles (profils altimétriques)

As you can see, Géoportail 3D seems to be far better than the open data BDAlti 75m.
With these measurements, I tried to estimate the horizontal step and vertical accuracy of the 3D models used at this position:
BD Alti: horiz step:  75m; vert: less than 1m
Geo 2D : horiz step: 100m; vert: less than 2m
Geo 3D : horiz step:  30m; vert: less than 50 cm

Three hours work...

Three hours work: replacing the original inner shaft by an extended (+1.5 cm) aluminium inner shaft and changing a broken engine.

Motorized Camera controlled by the telephone:

For some years, I have lodged different pets at home (Cat, Chinchilla, Hamsters).

Each time I tried to phone one of them, I was unable to understand what he said: I tried but never succeeded in teaching any human language to them. So, I created this motorized camera controlled by the telephone, in order to supervise them when I'm at my office.

The system is made of 3 parts:

  • 1- a private PBX based on Asterisk: this Linux PC is connected to the PSTN. When it receives a phone call, it converts DTMF signals to commands sent into an asynchronous V.24 interface (RS-232-C),
  • 2- an electronic box based on a micro-controller that receives commands from a V.24 interface and is able to drive a motor (stepper),
  • 3- a USB camera attached to the stepper, broadcasting to the Internet.

You will find here photos, schematics, source code and movies about this project.

Top Articles:

Electronic design: driving a 60A relay with a micro-controller
Use this device to drive a 60 Ampere relay in order to power on/off dozens of computers at once.

"new_station" patch for hostapd
Improve 802.1X authentication on wired IEEE 802 media, with this patch for hostapd.

Copy, manipulate and erase raw data on your usb flash drive. Essential to really get privacy with your files.

Hidden VNC server
This patch for WinVNC 4 allows you to install a hidden VNC server: no more tray icon.

Raccorder son réseau d'entreprise à l'Internet
A free book about networks. First published by Eyrolles in 1997, and under terms of Creative Commons in 2006.
© A. Fenyo - F. Le Guern - S. Tardieu

IP phone to analog phone interface circuit
At work, people usually do not get an analog phone line anymore since numeric or IP phones appeared. See how to connect your old analog device (modem, wireless DECT phone, Minitel) only using your IP phone to get the network access: read this.

Very low cost 20MHz signal generator for ham radio HF power amplifiers testing
Learn how to make a 20MHz HF signal generator using a few simple discrete analog components. Moreover, see how a 33-year-old Tektronix oscilloscope gives better results than a numeric one bought recently. The whole story is here.

Split tunneling with Cisco
Enabling split tunneling with Cisco IPsec VPN Linux client software is always possible: read this.

Modelling IEEE Spanning Tree protocols using a UML Class Diagram
To really understand the dependencies between the many Spanning Tree protocols, I wrote a UML class diagram describing their relationships here.

Motorized camera controlled by the telephone
This project demonstrates how to drive a camera from the telephone line, all details here.

External Links:

My Former Web Site
Since 04/26/01, I have maintained a web site named Since I made many updates recently, click here to access the original content, where old information is kept. The photo is also from 2001 :-)

Agnes' Web Site
Agnes, my wife, maintains a web server where you will find plenty of original resources: free software from her own production, probability courses, exams' corrections, photos of her trips in the US... Do not hesitate to visit her site, she will be glad to see her access.log growing!

Canardou's Web Site
Canardou has always been for me a friend that really matters, helping me in every situation. According to information currently available, Canardou could be affected by the H5N1 virus. So, for a few weeks, Public Health Bird Regulations have made me forbid Canardou to walk away from our apartment. Feel free to take news about him from his personal home page.

Private Links:

Mail for nuts
Authorized users at domain can read/send mails by means of this cute Squirrel (a friend of Canardou ?).