NSM-Console
NSM-Console (Network Security Monitoring Console) is a framework for performing analysis on packet capture files. It implements a modular structure to allow for an analyst to quickly write modules of their own without any programming language experience. Using these modules a large amount of pcap analysis can be performed quickly using a set of global (as well as per-module) options. It aims to be simple to run and easy to understand without a lot of learning time.
NSM-Console changes pretty quickly, since I'm the only developer. I will try to keep a log of what I have added here. NSM-Console is released as an included tool in the Hex 1.0.3 release, the included version is 0.6-DEVEL.
NSM-Console tends to change pretty quickly, since I'm the only developer :)
Here are a couple of screenshots:
Documentation:
Read my whitepaper about NSM-Console to get an overview of how it was designed to work. You can download the paper here or find it in the papers section of the site.
You can see all my blog posts tagged with the 'nsm-console' category tag here.
Screencasts
You can download a screencast of NSM-Console referenced at here. Note that the version used in the screencast was 0.3-DEVEL.
You can watch another screencast on how to create a module for NSM-Console here. The version used is 0.4.
Downloads:
The latest stable version of NSM-Console is version 0.7
The latest development version of NSM-Console would be 0.8-DEVEL (which hasn't been started yet). Note that development releases have not been completely tested, and might contain bugs :)
Older version of NSM-Console can be downloaded here.
Personally, I recommend checking the code out from svn.
If you want to check out the code from svn, use the following:
svn co http://svn.security.org.my/trunk/rawpacket-root/usr/home/analyzt/rp-NSM/nsm-console nsm-console