quietearth [General News 11.17.06]



This is really something: using doomcube and netcat, we can get a 3D visualization of all network traffic via the iptables connection tracking file /proc/net/ip_conntrack. This howto is for Ubuntu, but it really works with any iptables setup that has netcat (I'm using this on my OpenWrt setup). Here's what I'm talking about:




Now for the Ubuntu-specific portion. First off, we need to have libsdl and its devel libraries installed, as well as freeglut with its dev stuff:
# apt-get install libsdl1.2-dev freeglut3-dev

Grab the doomcube source from:
http://www.kismetwireless.net/doomcube/

# tar xzvf doomcube...tar.gz
# cd doomcube...
# ./configure
# make


If you get an error about "glutInit", modify sdl_doomcube.cc: after the SDL_Init line, add the following, then re-run make.
glutInit(&argc, argv);

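OK, we're halfway there. Now cut and paste the following Perl parsing script and name it ipparse.pl or something similar:
#!/usr/bin/perl
# Turn ip_conntrack lines into "src dst dport" lines for doomcube.
use strict;
use warnings;

# Disable output buffering on STDOUT so each line reaches doomcube immediately.
my $ofh = select STDOUT;
$| = 1;
select $ofh;

while (<STDIN>) {
        # TCP entries carry a state field (e.g. ESTABLISHED) before src=.
        if (/tcp\s+\d+\s+\d+\s+\w+\s+src=(\d+)\.(\d+)\.(\d+)\.(\d+) dst=(\d+)\.(\d+)\.(\d+)\.(\d+) sport=(\d+) dport=(\d+)/) {
                print "$1.$2.$3.$4 $5.$6.$7.$8 $10\n";    # $10 is the destination port
        }
        # UDP entries have no state field.
        if (/udp\s+\d+\s+\d+\s+src=(\d+)\.(\d+)\.(\d+)\.(\d+) dst=(\d+)\.(\d+)\.(\d+)\.(\d+) sport=(\d+) dport=(\d+)/) {
                print "$1.$2.$3.$4 $5.$6.$7.$8 $10\n";
        }
}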


Now on the remote machine, create the following script and run it:
#!/bin/sh
while true
do
     cat /proc/net/ip_conntrack
     sleep 1
done | nc -l -p 3333


And on the machine with doomcube, just run the following, changing the paths as necessary and replacing HOST with the machine the above script is running on:
# nc HOST 3333 | ./ipparse.pl | ./doomcube

And we're good to go. This shows both TCP and UDP connections. One thing you might want to change is the lifetime of the "points" in the matrix: add the -l option to doomcube, specifying seconds, otherwise they disappear within like 20 seconds.
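
The conntrack lines reach the parser over a plain netcat socket with no authentication, so they are untrusted input to doomcube. The following is an added example, not part of the original post or the doomcube project: a stricter Python stand-in for ipparse.pl that rejects out-of-range addresses and ports. It assumes doomcube takes the same "src dst dport" lines ipparse.pl prints; the names FLOW, SAMPLE, parse_line and filter_stream are hypothetical.

```python
#!/usr/bin/env python3
import ipaddress
import re
import sys

# First (original-direction) tuple of a tcp/udp entry. Unanchored, so it also
# matches nf_conntrack lines, which carry an "ipv4 2" prefix.
FLOW = re.compile(
    r"\b(?:tcp|udp)\s+\d+\s+\d+\s+(?:\w+\s+)?"
    r"src=(\S+)\s+dst=(\S+)\s+sport=(\d{1,5})\s+dport=(\d{1,5})\b"
)

# Constructed sample lines (not captured from a real host).
SAMPLE = [
    "tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=192.168.1.1 sport=51514 dport=22 src=192.168.1.1 dst=192.168.1.10 sport=22 dport=51514 [ASSURED] use=1",
    "udp      17 25 src=192.168.1.10 dst=192.168.1.1 sport=40000 dport=53 [UNREPLIED] src=192.168.1.1 dst=192.168.1.10 sport=53 dport=40000 use=1",
    "ipv4     2 tcp      6 100 TIME_WAIT src=10.0.0.5 dst=10.0.0.9 sport=33000 dport=443 src=10.0.0.9 dst=10.0.0.5 sport=443 dport=33000 use=2",
    "tcp      6 10 ESTABLISHED src=999.1.1.1 dst=10.0.0.9 sport=1 dport=80",
    "udp      17 5 src=10.0.0.5 dst=10.0.0.9 sport=1 dport=70000",
    "icmp     1 29 src=10.0.0.5 dst=10.0.0.9 type=8 code=0 id=1",
]


def parse_line(line):
    """Return (src, dst, dport) for a valid IPv4 tcp/udp entry, else None."""
    m = FLOW.search(line)
    if not m:
        return None
    src, dst, sport, dport = m.groups()
    try:
        src_ip, dst_ip = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    except ipaddress.AddressValueError:
        return None  # malformed or non-IPv4 address
    if int(sport) > 65535 or int(dport) > 65535:
        return None  # port out of range
    return str(src_ip), str(dst_ip), int(dport)


def filter_stream(lines):
    """Yield "src dst dport" lines, the format ipparse.pl prints."""
    for line in lines:
        flow = parse_line(line)
        if flow:
            yield "%s %s %d" % flow


if __name__ == "__main__":
    for out in filter_stream(sys.stdin):
        print(out, flush=True)  # unbuffered, like $| = 1 in ipparse.pl
```

Saved under a name of your choice and made executable, it takes the place of ./ipparse.pl in the pipeline above.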
