nf3d
nf3d is a Netfilter log visualisation tool. Connections and logged packets are displayed in 3D, in the style of a Gantt diagram. The goal of nf3d is to visualise Netfilter-related events in order to detect abnormal behaviour.
Features
The following features are available:
- Advanced filtering capabilities with cumulative criteria:
  - source IP
  - destination IP
  - source port
  - destination port
  - IP protocol
- Connection sorting via filtering
- Display of multiple tables, to compare sequences
- Time browsing (shift displayed time via keyboard)
- Filtering via command line
Usage
Prerequisites
nf3d currently reads its data from the ulogd2 pgsql output. You will thus need a working ulogd2 setup to be able to use this tool.
Installation
nf3d uses Visual Python and PyGreSQL as well as other standard modules. You will need them to run this software. On Debian, you can install them by typing:
aptitude install python-visual python-pygresql python-configobj python-setuptools
Then go to the nf3d directory and type:
python ./setup.py install
cp nf3d.conf /etc/nf3d.conf
You can now edit /etc/nf3d.conf to sync it with your database setup.
More information is available in the README file.
Running it
nf3d -h will return a usage message.
To display connections and logged packets over a one-hour period:
nf3d -d 3600
