Visualisation

The bsod visualisation tool uses the libtrace framework to transform network traffic into a graphical format that can be viewed in real time. Capturing from a live network interface, or from a saved trace file, bsod visualises the flow of network data between hosts, providing (at a glance) information about network usage.

Changes!

Febuary 28 2008:

New versions of both the client and the server. This version should perform better under load. Also a fix to the server so it doesn't lockup occasionally.

March 1 2007:

New versions of both the client and the server. The config file format for the client has been changed since the last version. A new version of libtrace will be required. Dependancies that were built as part of the client and the server have been removed from the distribution and will need to be installed seperately.

June 30 2006:

New versions of both the client and the server. The networking protocol has changed since the last version. New features include a menu in the client to change the display, more efficient cpu and memory utilisation in both the client and the server. This version requires libtrace 3.
This new release by default uses a new graphics card feature called "point sprites." Not all graphics cards have this feature. If you don't see any packets, try disabling "billboarding" in the config file.

March 23 2005:

New versions of both the server and client have been released. The packet format has changed since the last release, and so the new versions of client and server are incompatable with the old ones.

• Vastly better performance when a lot of flows are created and destroyed in a short period of time.
• Performance improvements across the board.
• Several new options to play with in the config file (see below).
• Added help page (press F1 while the client is running).
• P2P ports have their own colour now (for common ports only).
• Particles are jittered in low framerate situations making the visualization look more pleasing.
• New particle alpha map (looks nicer and creates dots, not squares, when particles are piled on top of each other).
• Added the ability to toggle between all traffic and darknet (traffic going to addresses which have been the source of no traffic)traffic, allowing you to see scans and other "garbage" traffic more easily.
• The server should now compile fine on FreeBSD

bsod Server

One half of the bsod visualisation is the server. This is responsible for the processing of captured packet headers, extracting the necessary information and packaging it for display by the client(s). The bsod server is known to compile and run in Linux. Source code, along with instructions on how to build/run the server, is available for download:

• bsod-server-1.5.1.tar.gz
• bsod-server-1.5.0.tar.gz
• bsod-server-1.4.0.tar.gz
• bsod-server-1.3.0.tar.gz
• bsod-server-1.2.2.tar.gz
• bsod-server-1.1.0.tar.gz

In addition, you will need to download and install libtrace. and libconfig

bsod Client

The other half of bsod is the client. Taking the flow, packet and addressing information supplied by the server, it displays data travelling from source to destination. The client is known to compile and run in Linux and Windows. Source is available for download as well as a precompiled Win32 binary.

• bsod-client-1.5.0.tar.gz (bsod-client-win32-binary-1.5.0.zip)
• bsod-client-1.4.0.tar.gz (bsod-client-win32-binary-1.4.0.zip)
• bsod-client-1.3.0.tar.gz (bsod-client-win32-binary-1.3.1.zip)
• bsod-client-1.2.1.tar.gz (bsod-client-win32-binary-1.2.1.zip)
• bsod-client-1.1.0.tar.gz (bsod-client-win32-binary-1.1.0.zip)

The bsod client software is based on the BuNg 3d engine written by Sam Jansen and Jesse Baker. See http://www.wand.net.nz/~stj2/bung/ for more information.