DINO

DINO is a lightweight front end for network visualization. DINO, short for Drop In Network Observer, utilizes the open source network monitoring tools SiLK and SNORT to create an easy-to-use dashboard for situational awareness.

DINO queries flow records stored by SiLK and creates graphs for items such as top talkers, incoming/outgoing and hourly traffic, top ports, and Snort alerts with the related flow records. Additionally, DINO can analyze uploaded PCAP files created with tcpdump, create a summary report, and extract the files within the packet capture using tcpxtract.

Features

NetFlow Visualization
Flash-based NetFlow visualization

Flow
Powerful SiLK backend available to advanced users

IDS
Leveraging open source IDS tools

IP GeoLocation
Plotting geographic locations of IP addresses in an interactive map

Availability

Public

Release Date

October 2011

Version

Version 1.5

System Requirements

DINO is built on PHP and Open Flash Chart, and it is designed to run on Linux systems. DINO has been tested on Fedora, Red Hat, and Ubuntu.

Download

DINO can be downloaded from the CERT Forensics Wiki.


Figure 1: Top Talkers by Bytes

 

Figure 2: Monthly Traffic Overlays—Graph of Netflow Data for October-December 2011

 


Figure 3: Map of IP Address to GeoLocation
