UPDATE: NSM-Console has a new home on my new website!
NSM Console (Network Security Monitoring Console) is a framework for performing analysis on packat capture files. It implements a modular structure to allow for an analyst to quickly write modules of their own without any programming language experience. Using these modules a large amount of pcap analysis can be performed quickly using a set of global (as well as per-module) options.
NSM Console also aims to be simple to run and easy to understand without lots
of learning time.
It is highly recommended that you visit the wiki page, as it stays up to date better.
You can watch a screencast of nsm-console at this post.
You can watch another screencast on how to create a module for NSM-Console here.
The latest version of nsm-console can be downloaded from:
http://navi.eight7.org/~hinmanm/files/nsm-console-0.5.tar.gz [release notes] [mirror]
You can see all the posts tagged with the ‘nsm-console’ category tag here.
If you want more information about what it is (and what it does), check out this introductory post.
A list of projected and completed modules is in this post.
NSM-Console changes pretty quickly, since I’m the only developer. I will try to keep a log of what I have added here. NSM console is released as an included tool in the Hex 1.0.3 release, the included version is 0.6-DEVEL.
If you want to check out the code from svn, use the following:
svn co http://svn.security.org.my/trunk/rawpacket-root/usr/home/analyzt/rp-NSM/nsm-console nsm-console
28 Comments
December 21, 2007 at 10:58 pm
[...] Firstly, download the files here. The static page for nsm-console is here. [...]
December 21, 2007 at 11:21 pm
[...] Behold! I present NSM-Console! (read more about it here) [...]
December 25, 2007 at 11:35 am
[...] Here’s a list of all the planned modules and completed (struck-out) modules for nsm-console: (if a module is struck out, it’s because I’ve finished making a module for it, it [...]
January 1, 2008 at 1:10 pm
[...] version of nsm-console (0.3-DEVEL) I just pushed out a newer development version of nsm-console out to navi.eight7.org, here are some of the new [...]
January 5, 2008 at 9:24 pm
[...] Screencast: An introduction to NSM-Console Well, I’ve been working on this for the last week or so, trying to get it all working the way I wanted, and after around 15 takes, I finally have a screencast for anyone interested in the idea behind and usage of nsm-console. [...]
January 8, 2008 at 11:29 pm
[...] NSM-Console version 0.3 release Yep, I’ve just been cranking out code lately, so I am proud to present the 0.3 release of nsm-console! [...]
January 11, 2008 at 11:16 am
[...] you’re interested in upcoming features in NSM-Console, you can check out the latest TODO file [...]
January 11, 2008 at 5:12 pm
[...] Decoding the SANS Christmas packet challenge using only NSM-Console In my never-ending quest to find justification for writing NSM-Console, I hereby present the following tutorial on how to decode the SANS Christmas packet challenge using nothing but NSM-Console: [...]
January 15, 2008 at 12:27 pm
[...] to quickly write modules of your own. Check out http://rawpacket.org/projects/hex/nsm-console and NSM Console « :wq for more information on NSM-Console as well as a screencast outlining some of it features and uses. [...]
January 16, 2008 at 5:47 pm
[...] 16th, 2008 Well, it has barely been any length of time and there’s already a new release of NSM-Console, there are so many features that I’ve been coding like crazy to get them all done. First, [...]
January 16, 2008 at 9:09 pm
[...] out http://rawpacket.org/projects/hex/nsm-console and http://thnetos.wordpress.com/nsm-console/ for more information on NSM-Console as well as a screencast outlining some of it features and [...]
January 22, 2008 at 8:50 pm
[...] my last screencast, but I thought I’d do another, this time showing how to create a module for NSM-Console (so now you have no excuse for not [...]
January 24, 2008 at 5:34 am
[...] out http://rawpacket.org/projects/hex/nsm-console and http://thnetos.wordpress.com/nsm-console/ for more information on NSM-Console as well as a screencast outlining some of it features and [...]
January 24, 2008 at 9:51 am
[...] I already made an NSM-Console module for flowtime [...]
January 28, 2008 at 11:53 am
[...] out http://rawpacket.org/projects/hex/nsm-console and http://thnetos.wordpress.com/nsm-console/ for more information on NSM-Console as well as a screencast outlining some of it features and [...]
January 28, 2008 at 3:30 pm
When running the chaosreader module it errors out. This is what I get
–> cd output5.pcap-output/chaosreader;chaosreader -v /home/socanalyst/output5.pcap
sh: chaosreader: command not found
Is there someone that can help with this?
BTW…nsm-console is a great tool!
January 28, 2008 at 3:39 pm
@Bubba
It looks like you don’t have chaosreader installed, in order for the chaosreader module to work you have to have chaosreader installed.
You should be able to download and install chaosreader from: http://www.brendangregg.com/chaosreader.html
I’m glad you like NSM-Console
January 29, 2008 at 10:07 am
Hi Lee,
I do have the chaosreader script installed (and can use it by itself to read pcap files), but unsure of where nsm is trying to call it from so it can run. Is there a certain directory that nsm console is trying to call the chaosreader script from?
January 29, 2008 at 10:09 am
@Bubba
As long as chaosreader is in your path, NSM-Console should be able to find it, it just calls it as “chaosreader”, so if it’s something like /usr/local/bin or /bin (the normal path places), it should find it alright.
January 30, 2008 at 12:21 pm
[...] Hex 1.0.3 should be out any day now, It will have NSM-Console 0.5-DEVEL version on it, which I will be releasing additionally for download at the same time, look [...]
February 4, 2008 at 8:07 am
[...] as well as some of the tools included on the distribution. There’s even a page dedicated to NSM-Console (Although the review is using the older 0.2 and 0.3 versions and there’s been lots of [...]
February 5, 2008 at 1:08 pm
[...] get version 0.5 all finished for the Hex 1.0.3 release, and I’m happy to present the newest NSM-Console [...]
February 11, 2008 at 1:14 pm
[...] Hinman on February 11th, 2008 I’d like to point out a couple of user-submitted modules for NSM-Console that are now included in the [...]
February 13, 2008 at 11:06 pm
[...] covered a list of the most important changes in his blog post, I’ll just echo the changes in NSM-Console, which is the software that I develop. The version of NSM-Console in Hex 1.0.3 is 0.6-DEVEL, which [...]
March 4, 2008 at 11:28 am
Trying to create a module and wondering if there is any way to have the module (within the modules/module_config_file) have it source either a perl or bash script. Like for example run tcpflow once that’s done have it source a script to do something else with the flow files?
Thanks, this is a great tool!!
March 4, 2008 at 11:36 am
@rsc: Sure, there is a way to do that, take a look at the Harimau module for instance, here’s the command line:
ruby -I ${MODULE_DIR}/${MODULE_NAME}.module/ ${MODULE_DIR}/${MODULE_NAME}.module/${MODULE_NAME}.rb ${PCAP_FILE} > ${OUTPUT_DIR}/${OUTPUT_FILE}
Which runs the harimau.rb file inside the harimau.module directory. If you wanted a module to do something similar, you could do this:
tcpflow
perl ${MODULE_DIR}/${MODULE_NAME}.module/perl_script_for_analysis.pl
in the file listing the commands. Does that make sense?
March 22, 2008 at 2:57 am
does anyone knows if there is any other information about this subject in other languages?
March 30, 2008 at 6:19 pm
[...] I already made an NSM-Console module for flowtime too Share and Enjoy: These icons link to social bookmarking sites where [...]