Wednesday, November 21, 2007

Ubuntu: Rumint

I plan to buy the book - Security Data Visualization that written by Greg Conti. I'm not much into visualization field so I guess it might be good for me to learn more about it with the present of this book. If you are asking for more, you can find other resources/books that recommended by Greg here.

Greg Conti has also written the tool called rumint(room-int) to visualize network packets. However its main supported platform is Windows but no worry, we have wine to run rumint. Assuming you have wine install at the first place, here's how I get rumint running on Ubuntu 7.10.

shell>wget \


shell>cd rumint_2.14_distro/

shell>wine ./setup.exe

You need winpcap if you want to do real time processing for network packets seen by your network interfaces, however I couldn't get it working even with winpcap installed successfully. But you can still load the pcap data to rumint. To launch rumint, just run -

shell>cd ~/.wine/drive_c/Program Files/rumint; wine ./rumint_214.exe

Here's the screenshot -

In orde to load the pcap data, just click on File -> Load PCAP Dataset and choose the data you want to load, then click on the Play button. You can also tune the setting for its filters based on color or ports under Toolbars -> Filters. Once you have clicked on the Play button, it will start replay the packets and there are 7 supported view format such as Text Rainfall, Byte Frequency, Parallel Plot and etc. Check out the next two screenshots below.

Here we have more views! I like the Parallel Plot and Detail view. You can also pause, stop or fast forward the replay of the pcap data.

Currently you can only do the post processing for the pcap data if you are using wine since there's issue with winpcap. But it's good enough when you want to perform packet visualization analysis. To get a good understanding of visualization techniques that offered by rumint, check out the link below.

Hopefully this post gives you the quick glance of what rumint offers and raise your interest in security data visualization field.

Enjoy (;])

No comments: