IDS mailing list archives
New Visualisation Widget (in latest shoki release)
From: "Stephen P. Berry" <spb () meshuggeneh net>
Date: Mon, 12 May 2003 20:22:19 -0700
Recently, I've found myself often in need of a tool for visualisation of n-dimensional models of packet data. Since I couldn't find anything that really met my (admittedly rather esoteric) needs, I coded up one myself. It is now part of the most recent release of my NIDS toolkit, shoki (currently at rev 0.2.1).

The widget in question is the shoki packet hustler, or hustler(1). Short version: it takes a libpcap dump file as input and will plot arbitrary packet variables (i.e., anything in struct tcphdr, struct udphdr, struct icmp, or struct ip...to use the BSD nomenclature) in a set of three linked 2d plots (x-y, x-z, and y-z, in a layout that will be familiar to anyone who's done drafting work), as well as a 3d isometric view. There's also a bit of cluster analysis widgetry built in, as well as the option to view phase space plots of the aforementioned variables.

None of this is particularly well documented at the moment. It also requires compiling and installing the rest of shoki in order to get it working, which can take some doing (and which also isn't particularly well documented).

I imagine this will be of interest to other statistical intrusion detection lunatics (like myself), and perhaps people who just think 3d visualisation tools are cool. If either of those describes you, I'd appreciate any comments, observations, bugfixes, code contributions, or whatever you might have to offer.

The shoki source is available from the project homepage on SourceForge:

http://shoki.sourceforge.net/

...and the documentation for the hustler(1) (including the obligatory screenshots) is at:

http://shoki.sourceforge.net/shoki/hustler_doc/

-spb
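The following is an added example, not part of the original post and not shoki's code: it reads a libpcap dump, pulls named header variables (BSD member names such as ip_ttl and th_dport) from each IPv4/TCP packet, and splits the resulting points into the x-y, x-z and y-z projections the message describes. The function names and the sample capture are constructed for the illustration.

```python
import struct

ETH_LEN, PCAP_MAGIC = 14, 0xA1B2C3D4

def tcp_frame(ttl, ip_id, sport, dport, seq):
    """Constructed Ethernet/IPv4/TCP SYN frame (checksums left at zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ip_id, 0, ttl, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, 0x02, 1024, 0, 0)
    return eth + ip + tcp

def build_pcap(frames):
    """Constructed little-endian pcap dump, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def extract(pcap, fields):
    """Return one tuple of the named header variables per IPv4/TCP packet."""
    if struct.unpack_from("<I", pcap, 0)[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    points, off = [], 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < ETH_LEN + 20 or frame[12:14] != b"\x08\x00":
            continue                      # truncated capture or not IPv4
        ip = frame[ETH_LEN:]
        ihl = (ip[0] & 0x0F) * 4          # IP options shift the TCP header
        if ip[9] != 6 or ihl < 20 or len(ip) < ihl + 20:
            continue                      # not TCP, or header cut short
        th_sport, th_dport, th_seq = struct.unpack_from("!HHI", ip, ihl)
        hdr = {"ip_ttl": ip[8], "ip_id": struct.unpack_from("!H", ip, 4)[0],
               "th_sport": th_sport, "th_dport": th_dport, "th_seq": th_seq}
        points.append(tuple(hdr[f] for f in fields))
    return points

def linked_views(points):
    """Split 3-variable points into the x-y, x-z and y-z projections."""
    return {"xy": [(x, y) for x, y, _ in points],
            "xz": [(x, z) for x, _, z in points],
            "yz": [(y, z) for _, y, z in points]}

# Constructed sample: three TCP packets plus one runt frame that is skipped.
SAMPLE = build_pcap([tcp_frame(64, 100, 40000, 22, 1000),
                     tcp_frame(64, 101, 40001, 80, 2000),
                     tcp_frame(128, 7, 1025, 80, 5), b"\x00" * 20])
```

Each projection shares an axis with the other two, which is what lets a cluster picked out in one view be located in the others.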