Nmap Development mailing list archives

Re: SOC: Quick thoughts on node design, anyone?


From: Fyodor <fyodor () insecure org>
Date: Fri, 2 Jun 2006 16:29:29 -0700

On Tue, May 30, 2006 at 06:32:14PM -0700, stripe dog wrote:
> Hey all,
>
> Just thought I'd post a quick node design to elicit comments/suggestions:
>
> http://barney.gonzaga.edu/~cnevins/nmap/prettymapgraphics.htm
>
> Thoughts, anyone? Like it? Hate it? Constructive ideas? Destructive ideas?

Overall I think these nodes look great!  They are definitely an
improvement over the previous ones.  A few notes:

o You may not want to show filtered ports, as there are often
  thousands of these (for example scanme.nmap.org).  And I'm not sure
  that 'filtered' ports are any more deserving of being shown than
  closed ports.  If you are going to show port states other than open,
  'open|filtered' is probably the best contender.  But even then you'll
  have to find some way to deal with the case where there are thousands
  of them.  One thing to consider would be to just list the # of ports
  in each non-open state.  Possibly only when someone clicks the "more
  info" arrow you have.

o The overall node structure looks good.  You may need a third detail
  level which is even smaller, which may only signify device type and
  maybe OS and maybe the rough # of open ports.  Then perhaps you
  could mouse-hover over it to get the large node picture (or a
  textual Nmap-results-style representation).

o Your "OS" example and icon is Redhat Linux.  Usually Nmap doesn't
  give you this much detail (though it occasionally does).  So in
  reality you'll probably just have to focus on the OS family.  You
  might want to consider putting a device type there instead for
  things like printers and routers and such.  Or maybe you could even
  have to use specialized icons covering both OS and device type
  (e.g. Cisco router vs. Cisco WAP vs. Cisco Firewall).

o The planned mapping of connections between hosts will certainly be
  interesting to see.

o In the "big" image, it might be nice to include version detection
  information (at least up to a certain length limitation), kinda like
  how you provide the OS details in the bar across the top of the host.

o Some users might find the "white on gray" IP address hard to read.
  Maybe if you added more contrast by making the bar darker or changing
  the FG color, you could make the text smaller so you could fit the
  rDNS hostname under the IP too.  Or maybe the app could have a toggle
  box for changing whether hostnames or IPs are shown.

I hope this helps and look forward to seeing this develop!

Cheers,
-F


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
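
Added example, not part of the original message or of any Nmap project code: one way to build the node text suggested in the first note above, listing open ports individually and collapsing every other state into a per-state count. It assumes the scan was saved in Nmap's XML output format (-oX); the sample document is constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the shape of Nmap XML output (-oX); not real scan data.
SAMPLE_XML = """<nmaprun>
<host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
    <extraports state="filtered" count="1668"/>
    <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
    <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
    <port protocol="tcp" portid="113"><state state="closed"/><service name="auth"/></port>
    <port protocol="udp" portid="161"><state state="open|filtered"/><service name="snmp"/></port>
  </ports>
</host>
</nmaprun>"""

def summarize_host(host):
    """Return (address, sorted open ports, Counter of ports per non-open state)."""
    addr = host.find("address").get("addr")
    open_ports, other = [], Counter()
    ports = host.find("ports")
    if ports is None:  # host was up but no port scan results were recorded
        return addr, open_ports, other
    # Nmap already collapses the bulk of uninteresting ports into <extraports>.
    for extra in ports.findall("extraports"):
        other[extra.get("state")] += int(extra.get("count"))
    for port in ports.findall("port"):
        state = port.find("state").get("state")
        if state == "open":
            svc = port.find("service")
            name = svc.get("name") if svc is not None else "unknown"
            open_ports.append((int(port.get("portid")), port.get("protocol"), name))
        else:
            other[state] += 1  # individually listed, but still only counted
    return addr, sorted(open_ports), other

def node_label(host):
    """Text for one node: address, each open port, then one line per other state."""
    addr, open_ports, other = summarize_host(host)
    lines = [addr] + [f"{p}/{proto} {name}" for p, proto, name in open_ports]
    lines += [f"{n} {state}" for state, n in sorted(other.items())]
    return "\n".join(lines)

def labels(xml_text):
    return [node_label(h) for h in ET.fromstring(xml_text).findall("host")]

if __name__ == "__main__":
    print("\n\n".join(labels(SAMPLE_XML)))
```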

