Projects / Trisul


Trisul meters bandwidth usage, monitors flows, and stores raw packets for future drill-down analysis. All traffic data is stored in a SQLITE3 database. It communicates with the outside world via the Trisul Remote Protocol (TRP) and via a Ruby on Rails application called Web Trisul. What sets Trisul apart from other monitoring tools is its drill-down capability for analyzing past events (e.g. "Show me the top hosts using ICMP at 5AM this morning"). Trisul combined with Web Trisul can be used as a Web-based network security monitoring platform. Web Trisul features live SVG charts that allow you to select a time interval and invoke drill-down analysis using the raw traffic data as the source. You can also write tools that communicate with Trisul directly via a secure TLS connection using the Trisul Remote Protocol.


Recent releases

  •  13 Oct 2008 21:00

    Release Notes: New protocols (PPP/PPPoE supported) as well as various overall enhancements. This build also fixes some stability issues that plagued the earlier releases. Also included: capture from multiple interfaces, IP defragmentation, a janitor script, capturing only headers for forensics, support for PPPoE and PPP, and an updated SQLITE3 amalgamation. Memory leaks have been fixed with Playback. The codebase now supports gcc 4.3 (e.g. Fedora 9).

  •  04 Aug 2008 20:33

    Release Notes: PPP and PPPoE interfaces are supported. SQLITE3 amalgamation has been updated to version 3.6. A major stability issue has been fixed. A memory leak has been fixed with TRP Controlled Context Request. There are various other fixes and tweaks. Web Trisul (the Rails application) has been updated to allow multiple capture profiles to be activated at the same time.

  •  16 Jul 2008 17:18

    No changes have been submitted for this release.

