Main view of NetGrok with histogram, filtering, details on demand, and graph view

Latest News

New! March 2010. NetGrok demoed at RSA 2010: McRee, R. Visualizing IDS Output: Tools and Methodology. RSA, 2010. (pdf).

New! March 2010. NetGrok used to analyze Zeus botnet activity. McRee, R. NetGrok and AfterGlow: Visualizing the Zeus attack against government and military. Information Systems Security Association Journal, 2010, 8, 40-32. (pdf).

August 2009. NetGrok was featured in a cover story on security visualization for the September 2009 issue of Linux Magazine (pdf).


We present NetGrok, a new tool for visualizing computer networks in real-time. NetGrok applies well-known information visualization techniques (overview, zoom & filter, details on demand) and employs a group-based graph layout and a treemap to visually organize network data. NetGrok also integrates these tools with a shared data store that can read PCAP formatted network captures, capture traces from a live interface, and filter the data set dynamically by bandwidth, number of connections, and time. We performed a user case study that demonstrates the benefits of applying these techniques to static and real-time streaming packet data. Specifically, NetGrok serves as an "excellent real-time diagnostic," enabling fast understanding of network traffic and easy problem detection.


Download hi-res (m4v - try VLC)


NetGrok was built for the Spring 2008 Information Visualization course taught by Ben Shneiderman at the University of Maryland, College Park. See the class wiki for more information.


  • Ryan Blue, Graduate Student, Computer Science
  • Cody Dunne, Graduate Student, Computer Science
  • Adam Fuchs, Graduate Student, Computer Science
  • Kyle King, Graduate Student, Computer Science
  • Aaron Shulman, Graduate Student, Computer Science


Blue, R., Dunne, C., Fuchs, A., King, K., & Schulman, A., Visualizing Real-Time Network Resource Usage, In Visualization for Computer Security, Goodall, J.R. and Conti, G. (Editors), Springer-Verlag Berlin / Heidelberg (2008), 119-135.

See at SpringerLink or download the pdfPDF

VizSEC 2008 Presentation

Files from our presentation at VizSec 2008

  • Presentation w/YouTube demo (PowerPointPowerPoint or pdfPDF)
  • Presentation w/YouTube demo - extended version (PowerPointPowerPoint or pdfPDF)
  • Presentation w/hi-def video and VLC portable to play from links in PowerPoint (zipzip)
  • VizSEC screencast - see above left


Picture of treemap with highlighted cells being connected to the cell being moused over Graph showing clustering of internal and external hosts
Showing links by hovering over a host in the treemap. NetGrok's network graph visualization.


Head over to our site on Google Code to download an executable jar or browse the source codes.