AWMN @ oZoNet


Iptables 3D connection visualization

with doomcube and netcat

This is really something: using doomcube and netcat we can get a 3D visualization of all network traffic via iptables' connection tracking table, /proc/net/ip_conntrack. This howto is for Ubuntu, but it really works with any iptables setup that has netcat (I'm using this on my OpenWrt setup). Here's what I'm talking about:

Now for the Ubuntu-specific portion. First off we need to have libsdl and its devel libraries installed, as well as freeglut with its dev stuff:
# apt-get install libsdl1.2-dev freeglut3-dev

Grab the doomcube source from:

# tar xzvf doomcube...tar.gz
# cd doomcube...
# ./configure
# make

If you get an error about "glutInit" modify and after the SDL_Init line, add in the following, then re-run make.
glutInit(&argc, argv);

Ok we're half way there. Now cut and paste the following parsing perl script, name it or something similar:
#!/usr/bin/perl
use strict;

# Unbuffer STDOUT so every line reaches doomcube immediately.
my $ofh = select STDOUT;
$| = 1;
select $ofh;

# Read conntrack entries on STDIN and print "src dst dport" for each one.
while (<STDIN>) {
    if (/tcp\s+\d+\s+\d+\s+\w+\s+src=(\d+)\.(\d+)\.(\d+)\.(\d+) dst=(\d+)\.(\d+)\.(\d+)\.(\d+) sport=(\d+) dport=(\d+)/) {
        print "$1.$2.$3.$4 $5.$6.$7.$8 $10\n";
    }
    if (/udp\s+\d+\s+\d+\s+src=(\d+)\.(\d+)\.(\d+)\.(\d+) dst=(\d+)\.(\d+)\.(\d+)\.(\d+) sport=(\d+) dport=(\d+)/) {
        print "$1.$2.$3.$4 $5.$6.$7.$8 $10\n";
    }
}

Now on the remote machine, create the following script and run it:
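#!/bin/sh
# nc sends the conntrack table, unauthenticated and in cleartext, to whoever connects to port 3333.
while true
do
    cat /proc/net/ip_conntrack
    sleep 1
done | nc -l -p 3333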

And on the machine with doomcube just run, changing the paths as necessary, and replacing HOST with the machine the above script is running on:
# nc HOST 3333 | ./ | ./doomcube

And we're good to go. This shows both TCP and UDP connections. One thing you might want to change is the lifetime of the "points" in the matrix: add the -l option to doomcube, specifying seconds, otherwise they disappear within like 20 seconds.
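
As an added example (not part of the original howto or of doomcube), here is a Python version of the parsing step that goes a little beyond the Perl script: it reads the key=value tokens of each ip_conntrack line instead of matching by position, keeps only the original-direction tuple, and skips non-TCP/UDP or malformed entries. The sample lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample lines in the /proc/net/ip_conntrack layout (not captured traffic).
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=40000 dport=443 src=203.0.113.5 dst=192.168.1.10 sport=443 dport=40000 [ASSURED] use=1
udp      17 27 src=192.168.1.10 dst=192.168.1.1 sport=50000 dport=53 [UNREPLIED] src=192.168.1.1 dst=192.168.1.10 sport=53 dport=50000 use=1
icmp     1 29 src=192.168.1.10 dst=192.168.1.1 type=8 code=0 id=4242 src=192.168.1.1 dst=192.168.1.10 type=0 code=0 id=4242 use=1
tcp      6 12 garbage line without a tuple
"""

KV = re.compile(r"\b(src|dst|sport|dport)=(\S+)")

def parse_line(line):
    """Return a dict for a tcp/udp entry, or None for anything else."""
    fields = line.split()
    if len(fields) < 4 or fields[0] not in ("tcp", "udp"):
        return None
    # The first occurrence of each key is the original-direction tuple;
    # later occurrences describe the expected reply and are ignored.
    tup = {}
    for key, value in KV.findall(line):
        tup.setdefault(key, value)
    if set(tup) != {"src", "dst", "sport", "dport"}:
        return None
    if not (tup["sport"].isdigit() and tup["dport"].isdigit()):
        return None
    # TCP carries a state name in the fourth column; UDP does not.
    state = fields[3] if fields[0] == "tcp" and "=" not in fields[3] else None
    return {"proto": fields[0], "state": state, "src": tup["src"],
            "dst": tup["dst"], "sport": int(tup["sport"]), "dport": int(tup["dport"])}

def to_feed(text):
    """Render entries as 'src dst dport' lines, the format the Perl script prints."""
    out = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry:
            out.append("%s %s %d" % (entry["src"], entry["dst"], entry["dport"]))
    return out

if __name__ == "__main__":
    print("\n".join(to_feed(SAMPLE)))
```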