GROK
GROK is a web-based Internet Protocol (IP) search tool designed to help the user find and analyze network sessions in near real time (with a delay of about 5 minutes). It relies on the output generated by a packet capture and session summary tool called bag. The bag program runs on a Linux system and continuously generates 5-minute full packet capture files in libpcap format, Internet session summary files, and interface statistics files, round-robin, over a period limited by the amount of disk storage available to the system. In the LANL case, an 8 terabyte file system accommodates seven days of data (most of the time). Summary information, such as the top 20 outgoing and incoming network services (for example www/tcp or 161/udp), along with network interface statistics that indicate the health of the capture system, is plotted every 5 minutes for display by the GROK web server. The GROK home page presents the analyst with a set of search criteria used to query the information collected by the bag program. Since the information ultimately resides in pcap files, other pcap-aware programs such as bro, ethereal, nosehair, smacq, snort, and tcpdump have been incorporated into GROK's web interface. Clickable documentation is available for each search criterion.
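To make the session-summary step concrete, the following is an added example, not GROK or bag code (the record lists no public repository), that walks a libpcap file in memory and tallies the top-N outgoing and incoming destination services in the www/tcp and 161/udp naming the record uses. The sample packets, the 10.0.0.0/8 "local" network, the small service-name table standing in for /etc/services, and all function names are assumptions made for this example.

```python
"""Added example (not GROK/bag code): summarise a libpcap file into the
"top N outgoing / incoming services" table the record describes."""
import ipaddress
import socket
import struct
from collections import Counter

PCAP_MAGIC_LE, PCAP_MAGIC_BE = 0xA1B2C3D4, 0xD4C3B2A1   # microsecond-resolution pcap
ETH_P_IP = 0x0800
PROTO_NAMES = {6: "tcp", 17: "udp"}
# Constructed stand-in for /etc/services; unknown ports fall back to "port/proto".
SERVICE_NAMES = {(80, "tcp"): "www", (22, "tcp"): "ssh", (53, "udp"): "domain"}

def eth_ipv4_frame(proto, src, dst, sport, dport):
    """Build a constructed Ethernet/IPv4 frame carrying an empty TCP or UDP header."""
    l4_len = 20 if proto == 6 else 8
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + l4_len, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    if proto == 6:   # TCP: seq/ack 0, data offset 5, SYN flag, window, checksum, urgent
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    else:            # UDP: length field covers the header only
        l4 = struct.pack("!HHHH", sport, dport, l4_len, 0)
    return b"\x00" * 12 + struct.pack("!H", ETH_P_IP) + ip + l4

def build_pcap(frames):
    """Serialise frames as a little-endian libpcap file, linktype 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_000_000 + i, 0, len(frame), len(frame)) + frame
    return out

def iter_packets(data):
    """Yield (ts_sec, frame) from libpcap bytes, honouring the file's byte order."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC_LE:
        end = "<"
    elif magic == PCAP_MAGIC_BE:
        end = ">"
    else:
        raise ValueError("not a microsecond libpcap file (pcapng/nanosecond not handled)")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("example only decodes Ethernet captures (linktype 1)")
    off = 24
    while off + 16 <= len(data):
        ts_sec, _usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:   # file still being written or cut short: stop cleanly
            break
        off += 16 + incl_len
        yield ts_sec, frame

def classify(frame):
    """Return (src, dst, 'service/proto') for an IPv4 TCP/UDP frame, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_P_IP:
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = PROTO_NAMES.get(frame[23])
    if proto is None or len(frame) < 14 + ihl + 4:
        return None
    dport = struct.unpack("!H", frame[14 + ihl + 2:14 + ihl + 4])[0]
    service = f"{SERVICE_NAMES.get((dport, proto), dport)}/{proto}"
    return socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]), service

def top_services(data, local_net, n=20):
    """Top-n destination services leaving and entering local_net.
    Internal-to-internal and external-to-external frames count for neither side."""
    local = ipaddress.ip_network(local_net)
    outgoing, incoming = Counter(), Counter()
    for _ts, frame in iter_packets(data):
        hit = classify(frame)
        if hit is None:
            continue
        src, dst, service = hit
        src_local = ipaddress.ip_address(src) in local
        dst_local = ipaddress.ip_address(dst) in local
        if src_local and not dst_local:
            outgoing[service] += 1
        elif dst_local and not src_local:
            incoming[service] += 1
    return outgoing.most_common(n), incoming.most_common(n)

# Constructed sample: one 5-minute slice with 10.0.0.0/8 as the "local" network.
SAMPLE_PCAP = build_pcap(
    [eth_ipv4_frame(6, "10.1.1.5", "93.184.216.34", 40000 + i, 80) for i in range(3)]
    + [eth_ipv4_frame(17, "10.1.1.5", "8.8.8.8", 53000, 53)]
    + [eth_ipv4_frame(17, "198.51.100.7", "10.2.2.2", 1024 + i, 161) for i in range(2)]
    + [eth_ipv4_frame(6, "198.51.100.7", "10.2.2.2", 50000, 22)]
    + [eth_ipv4_frame(6, "10.1.1.5", "10.2.2.2", 60000, 445)]   # internal only
)

if __name__ == "__main__":
    out, inc = top_services(SAMPLE_PCAP, "10.0.0.0/8", n=20)
    print("outgoing:", out)   # [('www/tcp', 3), ('domain/udp', 1)]
    print("incoming:", inc)   # [('161/udp', 2), ('ssh/tcp', 1)]
```

Against a real slice the bytes would come from `open(path, "rb").read()`. Two details matter in a round-robin capture set like the one described: the newest file is still being appended to while an analyst queries it, so a reader must stop cleanly at a partial record rather than raise or misalign, and a pcapng or nanosecond-magic file must be rejected outright rather than silently decoded as garbage.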
- Short Name / Acronym:
- GROK
- Project Type:
- Open Source, No Publicly Available Repository
- Site Accession Number:
- 3948; LA-CC-05-050
- Software Type:
- Scientific
- License(s):
- Other
- Research Organization:
- Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)
- Sponsoring Organization:
- USDOE
- Primary Award/Contract Number:
- W-7405-ENG-36
- DOE Contract Number:
- W-7405-ENG-36
- Code ID:
- 56925
- OSTI ID:
- 1230902
- Country of Origin:
- United States