The GPL Cube of Potential Doom

A GPL network visualizer based off the Spinning Cube of Potential Doom

What the Cube of Doom Does

The spinning cube listens to a pcap interface or stdin, extracts new connections, and graphs them onto a cube.

The coordinates of each point are determined by mapping the source, destination, and port to the cube axis.

Thats it. And then it looks cool.


Port scan

Normal traffic

Background grid

Background grid

Running the Cube

For basic operation, the doomcube reads input from stdin of the format:
'doomcube' expects input on stdin of the format 'sourceip destip portnum'. Typical usage is to run tcpdump and pipe the output through the translation scripts into 'doomcube'.

Scaling can be controlled by changing the source or destination range with '-s' or '-d' on the command line. To map incoming connections from the internet to your local IP space, change the destination to be your IP block, for example '-d'. The coodinates will scale to map that IP block to the cube axis, and packets outside of that range will be ignored.

The '--resolution' option controls the granularity of point caching. The default is 30000. This can be set lower on systems with lower CPU or graphics power.

The density of the background grid is controlled via '--ndivisions'. Usually five to eight divisions look best.

Using the Cube

'f' toggles fullscreen mode.

'esc' or 'q' quits

The mouse moves the cube. Clicking and dragging imparts a spin to the cube.


The Doomcube uses the standard autoconf configure system to find the components in your system.

Run './configure' followed by 'make'.

There is currently no 'make install'. Just run it.


The development versions of the doomcube are available via subversion:

svn co doomcube

The latest full release is: 2011-02-R1, available here