The GPL Cube of Potential Doom
A GPL network visualizer based off the
Spinning Cube of Potential Doom
What the Cube of Doom Does
The spinning cube listens to a pcap interface or stdin, extracts new connections,
and graphs them onto a cube.
The coordinates of each point are determined by mapping the source, destination,
and port to the cube axis.
Thats it. And then it looks cool.
Screenshots
Port scan |
Normal traffic |
Background grid |
Background grid |
Running the Cube
For basic operation, the doomcube reads input from stdin of the format:
'doomcube' expects input on stdin of the format 'sourceip destip portnum'.
Typical usage is to run tcpdump and pipe the output through the translation
scripts into 'doomcube'.
Scaling can be controlled by changing the source or destination range with
'-s' or '-d' on the command line. To map incoming connections from the
internet to your local IP space, change the destination to be your IP block,
for example '-d 10.10.0.0/255.255.0.0'. The coodinates will scale to map
that IP block to the cube axis, and packets outside of that range will be
ignored.
The '--resolution' option controls the granularity of point caching. The
default is 30000. This can be set lower on systems with lower CPU or
graphics power.
The density of the background grid is controlled via '--ndivisions'.
Usually five to eight divisions look best.
Using the Cube
'f' toggles fullscreen mode.
'esc' or 'q' quits
The mouse moves the cube. Clicking and dragging imparts a spin to the cube.
Compiling
The Doomcube uses the standard autoconf configure system to find the
components in your system.
Run './configure' followed by 'make'.
There is currently no 'make install'. Just run it.
Downloading
The development versions of the doomcube are available via subversion:
svn co https://felloffthebackofatruck.com/svn/doomcube/trunk doomcube
The latest full release is: 2006-03-R1, available here
dragorn@kismetwireless.net
