Homage to a Cube
What is it?
NetCube (a.k.a. Jeff's version of The Spinning Cube of Potential Doom) is a Python utility for visualizing network traffic in a 3D simulation. The x, y, and z axes correspond to the source IP address, the port number, and the destination IP address, respectively. This applies only to TCP and UDP traffic, of course, but that's the bulk of the traffic out there!
Why bother? Well, for one, visualization seems to help humans identify port scans and the like. See the original The Spinning Cube of Potential Doom page for more info.
If you've been convinced and you'd like to try it out, please visit the Python Cheeseshop page for this project and check out the QuickStart page for details on how to use it.
History
Back around the beginning of 2005, The Spinning Cube of Potential Doom was in the news and really piqued my interest. Unfortunately, neither the source nor a binary was available for download, and shortly thereafter the web page was unavailable. The only sources of information were light articles that happened to have copied some of the screenshots.
Well, I decided to combine that idea with Python, pcap, and OpenGL. Luckily, I was able to find all of the components that I needed to make it work. The result is this project, and the tarball from Feb 2005 can be downloaded here. It's rough around the edges and needs work, but the basic use of capturing live packets works. It uses the same filters as tcpdump (a la pcap) and currently further reads the packets to display only TCP packets where only SYN is set. This behavior creates a hit in performance, though, and will be replaced with a more generalized info gathering routine.
This script does have a substantial set of dependencies, but if you get it working (especially on a fast machine) I'd love to know what you think. Here is a list of direct dependencies (that I know of, anyway):
- Python itself
- pcapy for packet capture
- Pygame for window management and some timing
- PyOpenGL for the graphics
It was basically not too hard to get these all running on my iBook, but I would really like to get a py2app-based installer built for OS X. I got a basic .app built, but the problem is that pcap needs to be root to open the network interface. Not to mention command line arguments.... Another word on this: I seem to have lost a version I made that had a great set of arguments so I'll have to redo that part.
Anyway, this thing has a long way to go before it could really share the floor with the original, but it's here now.
I have changed over to using pcapy for packet capture and that has allowed me to run this on Windows. However, I found that a slight modification was required in order to use pcapy under OS X. As far as I can tell, winpcap returns a unicode string from lookupdev() whereas libpcap returns a classic char* string. This wouldn't seem to be much of a problem (char* strings work fine as utf-8) but the Python binding for the function specifically tries to use a unicode string. This makes it difficult if not impossible to use. For now I have decided to patch pcapy, but I'll probably end up working around the problem on non-winpcap systems.
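The axis mapping and the SYN-only filter described above can be sketched with the standard library alone. This is an added example, not NetCube's own code: the function names are hypothetical, the sample frames are constructed, and it assumes the y axis is the destination port with every axis scaled over its full range.

```python
import socket
import struct

SYN = 0x02
FLAG_MASK = 0x3F  # FIN, SYN, RST, PSH, ACK, URG bits of the TCP flags byte

def syn_point(frame):
    """Map a SYN-only TCP/IPv4 Ethernet frame to (x, y, z) in [0, 1], else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # too short or not IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                 # IP header length in bytes
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6:
        return None                          # malformed header or not TCP
    if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
        return None                          # later fragment: no TCP header here
    tcp = ip[ihl:]
    if len(tcp) < 14 or tcp[13] & FLAG_MASK != SYN:
        return None                          # truncated, or flags are not SYN alone
    src, dst = struct.unpack("!II", ip[12:20])
    dport = struct.unpack("!H", tcp[2:4])[0]
    # Assumption: y is the destination port; each axis spans its full range.
    return (src / 0xFFFFFFFF, dport / 0xFFFF, dst / 0xFFFFFFFF)

def build_frame(src, dst, dport, flags, sport=40000):
    """Constructed sample input: minimal Ethernet/IPv4/TCP frame, zero checksums."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return eth + ip + tcp

def sweep_points(src="192.0.2.10", dst="198.51.100.7", ports=(22, 80, 443, 3389)):
    """Points produced by one host probing several ports on one target."""
    frames = [build_frame(src, dst, p, SYN) for p in ports]
    frames.append(build_frame(dst, src, 40000, 0x12))  # SYN/ACK reply: dropped
    return [pt for pt in map(syn_point, frames) if pt is not None]

if __name__ == "__main__":
    for x, y, z in sweep_points():
        print(f"x={x:.6f} y={y:.6f} z={z:.6f}")
```

The four probes share the same x and z and differ only in y, which is why a port sweep against one host shows up as a vertical line in the cube.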
Quick News
01 Feb 2007
0.2.0 has been released and is available on the CheeseShop page. Please read the ReleaseNotes for information about that release. The 0.2.0 branch has also been merged into the trunk in order to update the future 0.3.0 branch with the changes from 0.2.0 like the preference UI. Refactoring has begun on the trunk in order to reduce the spaghetti and start splitting things out the way they should have been in the first place!
28 Jan 2007
The preference dialog has been integrated into the main app. I'll be releasing it soon, so here are some release notes. The following settings require a 'restart' to be applied: axis ranges, selected interface, promiscuous mode, read, and write. It should also be noted that one cannot yet set the datapoint colors from the preferences GUI; they must be set through the configuration file directly (~/.netcube.cfg). One last piece: switching to fullscreen and then switching back results in the display keeping the fullscreen resolution until the application has been closed. I have not been testing on OS X recently and I believe I had run into an issue with pcapy/libpcap on that platform. I will try to get this tested (I have an iBook), but if anybody finds that the cube doesn't work under OS X, please let me know by filing a ticket.
Planned Milestones
- (later) - 0.4 External Specification
- (later) - 0.4 Internal Specification
- (later) - 0.4.0 Redesign (bigger refactoring)
Recent Changelog Entries
More can be seen in the timeline
[88] by jkyllo on 03/18/08 23:56:20
Did some conversion from Input/Output to Sink/Source terminology. Converted many tabs to spaces. Hopefully all. Added TimedSource and beginnings of ConsoleInputSource. Added Graph class. Added use of locks in NotificationCenter.
[87] by jkyllo on 03/01/08 19:48:24
scenegraph.py:
- Added Orthographic and Perspective GLTransforms for splitting up a UI.
- Added Line, GLUTSolidCube, and GLUTWireCube.
controllers.py:
- Added some pieces for looking at 2D UI drawing.
[86] by jkyllo on 03/01/08 19:45:59
Added NodeInputOutput - a class that buffers input for later output (acts as both Input and Output). Changed up Input and Output a little bit. Changed PassthroughNode to use NodeInputOutput. Added ConsolePrintNode - a Node class that prints input to the console. Added FuncOutput - an Output class that provides a simple function for adding output.
[85] by jkyllo on 02/26/08 19:04:31
Changed project URL to use the https scheme.
[84] by jkyllo on 02/26/08 19:03:19
Added document todo section.
[83] by jkyllo on 08/23/07 20:50:10
Expanded a couple docstrings.
[82] by jkyllo on 07/05/07 19:42:24
Added design.txt. Added logo files.
[81] by jkyllo on 07/05/07 19:41:39
[80] by jkyllo on 06/27/07 18:17:23
Added beginning of doctest framework and fixed a couple docstrings.
[79] by jkyllo on 06/13/07 18:24:33
Removing erroneous vim swap file.

