NSM-Console

NSM-Console (Network Security Monitoring Console) is a framework for performing analysis on packet capture files. It has a modular structure that lets an analyst quickly write modules of their own without any programming language experience. With these modules, a large amount of pcap analysis can be performed quickly using a set of global (as well as per-module) options. It aims to be simple to run and easy to understand without a lot of learning time.

NSM-Console changes pretty quickly, since I'm the only developer. I will try to keep a log of what I have added here. NSM-Console is released as an included tool in the Hex 2.0 release; the included version is 0.8-DEVEL.

Documentation:

Read my whitepaper about NSM-Console to get an overview of how it was designed to work. You can download the paper here or find it in the papers section of the site.

NSM-Console is also mentioned in a few whitepapers, like this one on advanced incident handling. Check it out!

You can see all my blog posts tagged with the 'nsm-console' category tag here.

Screencasts:

You can download a screencast of NSM-Console here. Note that the version used in the screencast was 0.3-DEVEL.
You can watch another screencast on how to create a module for NSM-Console here. The version used is 0.4.

Downloads:

The latest stable version of NSM-Console is version 0.7.

The latest development version of NSM-Console is 0.8-DEVEL. You can download a tarball of the latest development code from here. Note that development releases have not been completely tested, and might contain bugs :)

Older versions of NSM-Console can be downloaded here.

Personally, I recommend checking the code out from git.

Update: I switched to git from svn, because I like it more and it's way easier to push changes to. Check out the nsm-console project page on github for the latest checkin info!

If you want to check out the code from git, use the following:

git clone git://github.com/dakrone/nsm-console.git