Overview: Difference between revisions
| (60 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| __TOC__ | |||
| = Summary = | |||
| This Wiki offers a means where users of the '''Network Security Toolkit''' ('''NST''') can ask questions, share experiences, and offer advice in regards to the use of the '''NST''' distribution and the tools which it contains. | This Wiki offers a means where users of the '''Network Security Toolkit''' ('''NST''') can ask questions, share experiences, and offer advice in regards to the use of the '''NST''' distribution and the tools which it contains. | ||
| Line 7: | Line 10: | ||
| --> | --> | ||
| You can view Webcasts related to '''NST''' on the [[NST Screencasts]] page. This NST Wiki Web site is generated by an "'''NST  | You can view Webcasts related to '''NST''' on the [[NST Screencasts]] page. This NST Wiki Web site is generated by an "'''NST 40'''" system using '''[http://www.mediawiki.org/wiki/MediaWiki MediaWiki]''' software running on an '''[http://www.intel.com/content/www/us/en/nuc/products-overview.html Intel NUC]'''. The following are some of the IPv4 Address Host geolocation tools available with the toolkit using NST Wiki traffic data as a data source. | ||
| = NST Wiki World Users = | = NST Wiki World Users = | ||
| The '''Mercator World Map''' projection below depicts geolocated user host systems that have recently accessed the '''NST''' wiki site. The map is updated once an hour using a collection window of 24 hours. The data source is an '''[http://www.ntop.org ntop]''' session running on an "'''NST  | The '''Mercator World Map''' projection below depicts geolocated user host systems that have recently accessed the '''NST''' wiki site. The map is updated once an hour using a collection window of 24 hours. The data source is an '''[http://www.ntop.org/products/traffic-analysis/ntop/ ntopng]''' session running on an "'''NST 40'''" probe listening on 2 network interfaces (i.e., '''wikirx''' & '''wikitx''') for packet capture. A '''[https://networkvisibility.com/products/ixia-net-optics-tap-copper-10-100-1g-955-0270-tp-cu3  TP-CU3]''' Non-Aggregational TAP is inserted between the '''NST''' probe and the '''NST''' wiki site providing full-duplex traffic access. | ||
| [[File:Curhostswm.png|frame|center|NST Wiki Site World Map: Global Users Host Geolocations]] | [[File:Curhostswm.png|frame|center|NST Wiki Site World Map: Global Users Host Geolocations]] | ||
| Line 18: | Line 21: | ||
| The '''NST''' wiki traffic for the last 24 hours is also formatted as a '''KMZ (KML)''' document that can be downloaded and ''viewed'' in '''[http://earth.google.com Google Earth]''': "'''([http://wiki.networksecuritytoolkit.org/nstwiki/maps/curhostskml.kmz KMZ Document - NST Wiki Traffic])'''". Both the '''Mercator World Map''' and the '''KML Document''' above were produced by the '''NST''' script: "'''[http://nst.sourceforge.net/nst/docs/scripts/nstgeolocate.html nstgeolocate]'''". This script is included in the '''NST''' distribution (See the NST Wiki page: '''[http://wiki.networksecuritytoolkit.org/nstwiki/index.php/HowTo_Automate_%26_Manage_NST_Geolocation_Results HowTo Automate & Manage NST Geolocation Results]''' for further information on geolocating network entities with '''NST'''). | The '''NST''' wiki traffic for the last 24 hours is also formatted as a '''KMZ (KML)''' document that can be downloaded and ''viewed'' in '''[http://earth.google.com Google Earth]''': "'''([http://wiki.networksecuritytoolkit.org/nstwiki/maps/curhostskml.kmz KMZ Document - NST Wiki Traffic])'''". Both the '''Mercator World Map''' and the '''KML Document''' above were produced by the '''NST''' script: "'''[http://nst.sourceforge.net/nst/docs/scripts/nstgeolocate.html nstgeolocate]'''". This script is included in the '''NST''' distribution (See the NST Wiki page: '''[http://wiki.networksecuritytoolkit.org/nstwiki/index.php/HowTo_Automate_%26_Manage_NST_Geolocation_Results HowTo Automate & Manage NST Geolocation Results]''' for further information on geolocating network entities with '''NST'''). | ||
| = NST WebGL Globe = | |||
| '''NST''' now includes a '''[https:// | '''NST''' now includes a '''[https://experiments.withgoogle.com/chrome/globe WebGL Globe'''] implementation for the geolocation of IPv4 Hosts. Each hour new NST Wiki host geolocation traffic data is generated and formatted for '''[https://en.wikipedia.org/wiki/WebGL WebGL] Globe''' usage (i.e. A '''[https://en.wikipedia.org/wiki/JSON JSON]''' formatted document.) which can be ''rendered'' within a web browser producing images similar to the following graphics of the earth. Each red spike represents Host traffic to and from the NST Wiki site derived from an active '''[http://www.ntop.org/products/traffic-analysis/ntop/ ntopng]''' session. Longer spikes indicate greater combined transmit and received network traffic. | ||
| <center>[[File:Nstwikiwebglglobe.png|256x256px|frameless|NST Wiki Site Global Traffic (Day Time Map)]]     [[File:Nstwikiwebglglobenight.png|256x256px|frameless|NST Wiki Site Global Traffic (Night Time Map)]]</center> | |||
| [ | Use this link to view the '''NST''' Wiki traffic for the past 24 hours as a single series dataset:  '''[http://wiki.networksecuritytoolkit.org/nst-webgl-globe/index.html?daymap=true&gdsrc=data/curhostswebgl.json NST Webgl Globe - NST Wiki Traffic]''' | ||
| Use this link to view the '''NST''' Wiki traffic as a multi-series dataset for the past 7 hours with a 1 day time interval: '''[http://wiki.networksecuritytoolkit.org/nst-webgl-globe/index.html?daymap=true&gdsrc=data/curwebgldataset.json NST Webgl Globe (Multi-Series Dataset) - NST Wiki Traffic]'''. | |||
| The '''NST WebGL Globe''' implementation includes the following features: | The '''NST WebGL Globe''' implementation includes the following features: | ||
| Line 29: | Line 34: | ||
| * Uses a bump map for a realistic earth topography visual. | * Uses a bump map for a realistic earth topography visual. | ||
| * Uses a  specular map for a realistic sun and moon glint visual. | * Uses a  specular map for a realistic sun and moon glint visual. | ||
| * Zoom in and out with your mouse scroll control. | |||
| * Automatic earth rotation control. | * Automatic earth rotation control. | ||
| * Configurable selection of the IPv4 Host geolocation data source. | |||
| * Manual data spike intensity scale controls. | * Manual data spike intensity scale controls. | ||
| * The data scale can be dynamically changed between linear and logarithmic. | * The data scale can be dynamically changed between linear and logarithmic. | ||
| Line 36: | Line 43: | ||
| * All parameters included the initial view location and view distance can be controlled via the '''[https://en.wikipedia.org/wiki/Uniform_resource_locator URL]'''. | * All parameters included the initial view location and view distance can be controlled via the '''[https://en.wikipedia.org/wiki/Uniform_resource_locator URL]'''. | ||
| The '''NST''' script: "'''[http://nst.sourceforge.net/nst/docs/scripts/nstgeolocate.html nstgeolocate]'''" now includes the ability to produce '''NST WebGL Globe JSON''' documents using ntopng  | The '''NST''' script: "'''[http://nst.sourceforge.net/nst/docs/scripts/nstgeolocate.html nstgeolocate]'''" now includes the ability to produce '''NST WebGL Globe JSON''' documents using '''[http://www.ntop.org/ntopng ntop / ntopng]''' as a data source. The '''NST WUI''' can now ''dynamically'' produce on demand '''NST WebGL Globe JSON''' documents for these data sources. | ||
Latest revision as of 21:50, 9 July 2024
Summary
This Wiki offers a means where users of the Network Security Toolkit (NST) can ask questions, share experiences, and offer advice in regards to the use of the NST distribution and the tools which it contains.
The NST homepage is located at: http://www.networksecuritytoolkit.org/. The NST SourceForge project page is located at: http://sourceforge.net/projects/nst. An NST Pro version is located at: http://www.networksecuritytoolkit.org/nstpro. One can download the current version of NST here. A reference about NST at Wikipedia can be found here.
You can view Webcasts related to NST on the NST Screencasts page. This NST Wiki Web site is generated by an "NST 40" system using MediaWiki software running on an Intel NUC. The following are some of the IPv4 Address Host geolocation tools available with the toolkit using NST Wiki traffic data as a data source.
NST Wiki World Users
The Mercator World Map projection below depicts geolocated user host systems that have recently accessed the NST wiki site. The map is updated once an hour using a collection window of 24 hours. The data source is an ntopng session running on an "NST 40" probe listening on 2 network interfaces (i.e., wikirx & wikitx) for packet capture. A TP-CU3 Non-Aggregational TAP is inserted between the NST probe and the NST wiki site providing full-duplex traffic access.

The NST wiki traffic for the last 24 hours is also formatted as a KMZ (KML) document that can be downloaded and viewed in Google Earth: "(KMZ Document - NST Wiki Traffic)". Both the Mercator World Map and the KML Document above were produced by the NST script: "nstgeolocate". This script is included in the NST distribution (See the NST Wiki page: HowTo Automate & Manage NST Geolocation Results for further information on geolocating network entities with NST).
NST WebGL Globe
NST now includes a WebGL Globe implementation for the geolocation of IPv4 Hosts. Each hour new NST Wiki host geolocation traffic data is generated and formatted for WebGL Globe usage (i.e. A JSON formatted document.) which can be rendered within a web browser producing images similar to the following graphics of the earth. Each red spike represents Host traffic to and from the NST Wiki site derived from an active ntopng session. Longer spikes indicate greater combined transmit and received network traffic.
 
     
Use this link to view the NST Wiki traffic for the past 24 hours as a single series dataset: NST Webgl Globe - NST Wiki Traffic
Use this link to view the NST Wiki traffic as a multi-series dataset for the past 7 hours with a 1 day time interval: NST Webgl Globe (Multi-Series Dataset) - NST Wiki Traffic.
The NST WebGL Globe implementation includes the following features:
- Switch between day time and night time maps.
- Uses a bump map for a realistic earth topography visual.
- Uses a specular map for a realistic sun and moon glint visual.
- Zoom in and out with your mouse scroll control.
- Automatic earth rotation control.
- Configurable selection of the IPv4 Host geolocation data source.
- Manual data spike intensity scale controls.
- The data scale can be dynamically changed between linear and logarithmic.
- A reset button to re-initialize the earth 3D control settings.
- Data can be displayed using either a single series or multi-series dataset.
- All parameters included the initial view location and view distance can be controlled via the URL.
The NST script: "nstgeolocate" now includes the ability to produce NST WebGL Globe JSON documents using ntop / ntopng as a data source. The NST WUI can now dynamically produce on demand NST WebGL Globe JSON documents for these data sources.
