OSTI.GOV, U.S. Department of Energy
Office of Scientific and Technical Information

Title: GROK

Abstract

GROK is a web-based Internet Protocol (IP) search tool designed to help the user find and analyze network sessions in close to real time (5 minutes). It relies on the output generated by a packet capture and session summary tool called BAG. The bag program runs on a Linux system and continuously generates 5-minute full packet capture LIBPCAP files, Internet session summary files, and interface statistic files, round-robin, over a period limited by the amount of disk storage available to the system. In the LANL case, an 8 terabyte file system accommodates seven days of data (most of the time). Summary information, such as the top 20 outgoing and incoming network services (such as www/tcp or 161/udp), along with network interface statistics that indicate the health of the capture system, is plotted every 5 minutes for display by the GROK web server. The grok home page presents the analyst with a set of search criteria used to query the information being collected by the bag program. Since the information ultimately resides in "pcap" files, other pcap-aware programs such as bro, ethereal, nosehair, smacq, snort, and tcpdump have been incorporated into grok's web interface. Clickable documentation is available for each search criterion.

Authors:
Publication Date:
Research Org.:
Los Alamos National Laboratory
Sponsoring Org.:
USDOE
OSTI Identifier:
1230902
Report Number(s):
GROK; 001972MLTPL00
LA-CC-05-050; C-05,053
DOE Contract Number:  
W-7405-ENG-36
Resource Type:
Software
Software Revision:
00
Software Package Number:
001972
Software Package Contents:
Media Directory; Software Abstract; Media includes: Source Code, Text Library, Compilation Instructions, Linking Instructions, Control Information, Programmer Documentation, Installation Instructions
Software CPU:
MLTPL
Open Source:
Yes
Source Code Available:
Yes
Related Software:
apache web server
Country of Publication:
United States

Citation Formats

Wood, C. Philip. GROK. Computer software. https://www.osti.gov//servlets/purl/1230902. Vers. 00. USDOE. 24 Feb. 2006. Web.
Wood, C. Philip. (2006, February 24). GROK (Version 00) [Computer software]. https://www.osti.gov//servlets/purl/1230902.
Wood, C. Philip. GROK. Computer software. Version 00. February 24, 2006. https://www.osti.gov//servlets/purl/1230902.
@misc{osti_1230902,
title = {GROK, Version 00},
author = {Wood, C. Philip},
abstractNote = {GROK is a web-based Internet Protocol (IP) search tool designed to help the user find and analyze network sessions in close to real time (5 minutes). It relies on the output generated by a packet capture and session summary tool called BAG. The bag program runs on a Linux system and continuously generates 5-minute full packet capture LIBPCAP files, Internet session summary files, and interface statistic files, round-robin, over a period limited by the amount of disk storage available to the system. In the LANL case, an 8 terabyte file system accommodates seven days of data (most of the time). Summary information, such as the top 20 outgoing and incoming network services (such as www/tcp or 161/udp), along with network interface statistics that indicate the health of the capture system, is plotted every 5 minutes for display by the GROK web server. The grok home page presents the analyst with a set of search criteria used to query the information being collected by the bag program. Since the information ultimately resides in "pcap" files, other pcap-aware programs such as bro, ethereal, nosehair, smacq, snort, and tcpdump have been incorporated into grok's web interface. Clickable documentation is available for each search criterion.},
url = {https://www.osti.gov//servlets/purl/1230902},
doi = {},
year = {2006},
month = {feb},
note = {}
}
