Monday, June 04, 2007

Wiresquid Network Sniffer

processing java application, july 2007, jim soliven


more images found on my flickr

Wiresquid is Wireshark's illegitimate kin. It is a graphic visualization of a network packet "flow" that occurs during a TCP/IP session. Each network packet that flows from the source receives a response or two from a destination. Each transaction is represented by a tentacle that forms from the construct.

A list of features for Wiresquid follows:
  • Each time you send a packet to the network, a destination host responds to the request. The request can be broken down into smaller packets or TCP windows. Each collection of packets is a flow.
  • For every flow leaving your macine, it is represented as an object that leaves from the "src".
  • Each response to a request from the destination host is represented by an object that flows towards the "src". Each flow is color coded depending on the IP address of the responding host.
  • A response from the host is represented by a tentacle from the "squid" construct in the middle. Traffic flows outside the range of your IP address subnet mask is represented by a white tentacle. Traffic that is local to the IP address range is marked by green.
I work as a Network Analyst during the day. In my day-to-day operations I find it necessary to sniff traffic on a wire to examine packets and analyze the network. I've always been fascinated by the possibility of using the network as a source of data for graphic visualization purposes. Wiresquid is my first attempt at furthering my interests.

Files and Source Code:

application.macosx.zip - Wiresquid macosx application. Requires OpenGL, Java 1.5. Before running the application, you'll need to change the permisions on certain files to allow the application to run as root. Open a terminal window and type "sudo chmod 777 /dev/bpf*". Enter your password then the application should be able to run.

application.linux.zip - Wiresquid Linux application. Requires everything that the MacOSX application needs. I didn't really test this application since the two Linux servers I play around with are Pentium 800 Mhz machines and do not support OpenGL(boo! No Beryl!)

There is no Windows version of the application. The reason being is that all three of my windows machines cannot run the application due to a bug on the CarnivorePE software.

Labels:

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home