rumint (room-int) is an open source network and security visualization tool

- Load pcap datasets and capture live traffic.
- VCR/PVR interface to play back the traffic
- Visualize packets in seven carefully designed windows
- Extremely flexible with a total of ~20 different views.
- Currently handles up to 30,000 packets in a high speed RAM buffer.
5 July 2008
For everyone interested in security data visualization, I'd like to announce the publication of my friend Raffy Marty's Applied Security Visualization.
I am looking forward to reading it, and knowing Raffy, it is a great book.
18 September 2007
I just released version 2.14. It contains an updated network interface list that works well with the latest version of winpcap (4.0.1).
I'm pleased to announce that I've finished writing a book on Security Data Visualization (No Starch Press) featuring RUMINT. The book is back from the printers and should be available any day now. I hope you enjoy it.
5 June 2006
RUMINT made the cover of the June Communications of the ACM.
I just upgraded RUMINT to version 2.11. The key difference is that
you can now compare thousands of packets at a time using a multicolumn
packet length visualization (go to the view menu and select binary
rainfall, adjust the number of columns). Here is a sample image of a
capture the flag dataset.
23 May 2006
Learning to interpret RUMINT images is a bit tricky, so I created a short
tutorial/overview guide to help you get a feel for it.
2 January 2006
This version adds filtering and scaling based on TCP and UDP ports
(see the toolbars>filters menu) as well as filtering based on
packet length. Also, I converted all the appropriate interface elements
to eliminate the need for the fm20.dll which should make installation
cleaner. I'm hoping this will allow rumint to also work on Japanese
versions of Windows, if someone could let me know, I'd appreciate
it. I'd also like to thank the good people at astalavista for placing
rumint on their top 10 tools list. Finally, rumint should not time out based on
the packetX library I'm using, this version should fix any problems
along this line.
If you like the tool, please consider joining the (low volume) rumint
users mailing list. I'd like to hear your feedback and answer
your questions. Also, please note that rumint still requires the
winpcap library.
I'm in the process of building an image gallery
for the site. If you have a screenshot that you would like included
please email me a copy. (Extra points if you can send along the
supporting pcap file and a short blurb on what the image shows.)
I think posting all three would be of the most benefit to the community.
:) I'd like to include your name in the gallery to give you credit,
but if you wish to remain anonymous, that is fine too. My email
address is: conti replace_with_at_symbol cc.gatech.edu
I need to update the following documents, but they are relatively
current.
- installation guide
- faq
If you are interested in the research behind the tool you will find
related talks and papers at my academic homepage.
rumint version history...
- rumint_v2.14 [4.2M] rumint v2.14 source (latest version)
- rumint_v2.11 [4.2M] rumint v2.11 source
- rumint_v2.09 [4.1M] rumint v2.09 source
- rumint_v2.04 [6.1M] rumint v2.04 source
- rumint_v2.03 [6.0M]
- rumint_v1.97 [6.0M]
- rumint_v1.92 [6.0M]
- rumint_v1.86 [6.0M] conversion utility (not needed for later versions)
- rumint_v1.85 [6.0M]
- rumint_v1.81 [6.0M]
- rumint v0.52 [3.1M] see v0.51
- rumint v0.51 [3.1M] v0.51 screenshot
- rumint v0.31 [3.1M] v0.31 screenshot