IDS mailing list archives

New Visualisation Widget (in latest shoki release)


From: "Stephen P. Berry" <spb () meshuggeneh net>
Date: Mon, 12 May 2003 20:22:19 -0700


Recently, I've found myself often in need of a tool for visualisation of
n-dimensional models of packet data.  Since I couldn't find anything
that really met my (admittedly rather esoteric) needs, I coded up one
myself.  It is now part of the most recent release of my NIDS toolkit,
shoki (currently at rev 0.2.1).  The widget in question is the shoki
packet hustler, or hustler(1).

Short version:  it takes a libpcap dump file as input and will plot 
arbitrary packet variables (i.e., anything in struct tcphdr, struct
udphdr, struct icmp, or struct ip...to use the BSD nomenclature) in
a set of three linked 2d plots (x-y, x-z, and y-z, in a layout that
will be familiar to anyone who's done drafting work), as well as a
3d isometric view.

There's also a bit of cluster analysis widgetry built in, as well
as the option to view phase space plots of the aforementioned variables.
None of this is particularly well documented at the moment.

It also requires compiling and installing the rest of shoki in order
to get it working, which can take some doing (and which also isn't
particularly well documented).

I imagine this will be of interest to other statistical intrusion detection
lunatics (like myself), and perhaps people who just think 3d visualisation
tools are cool.  If either of those describes you, I'd appreciate any
comments, observations, bugfixes, code contributions, or whatever you
might have to offer.

The shoki source is available from the project homepage on SourceForge:

        http://shoki.sourceforge.net/

...and the documentation for the hustler(1) (including the obligatory
screenshots) is at:

        http://shoki.sourceforge.net/shoki/hustler_doc/

- -spb

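An added example (not code from shoki or hustler(1)) of the core of what the post describes: reading a classic libpcap dump, pulling header fields out as packet variables, and reducing a chosen (x, y, z) triple of them to the three linked 2-d projections. It assumes Ethernet link-layer captures with IPv4/TCP packets and feeds itself a constructed in-memory capture; the variable labels such as `ip.ttl` are assumed names, not hustler's.

```python
import struct

def parse_pcap(data):
    """Yield one dict of packet variables per IPv4/TCP packet in a classic libpcap dump."""
    magic = struct.unpack("<I", data[:4])[0]
    end = "<" if magic == 0xA1B2C3D4 else ">"   # record headers follow the file's byte order
    linktype = struct.unpack(end + "I", data[20:24])[0]
    assert linktype == 1, "this example handles Ethernet (DLT_EN10MB) captures only"
    off = 24
    while off + 16 <= len(data):
        _, _, caplen, _ = struct.unpack(end + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":    # skip non-IPv4 frames
            continue
        ihl = (frame[14] & 0x0F) * 4                           # IPv4 header length in bytes
        ttl, proto = frame[22], frame[23]
        if proto != 6 or len(frame) < 14 + ihl + 20:           # TCP with a full header only
            continue
        tcp = frame[14 + ihl:]
        sport, dport = struct.unpack("!HH", tcp[:4])
        yield {"ip.ttl": ttl, "ip.len": struct.unpack("!H", frame[16:18])[0],
               "tcp.sport": sport, "tcp.dport": dport, "tcp.flags": tcp[13],
               "tcp.window": struct.unpack("!H", tcp[14:16])[0]}

def project(points, x, y, z):
    """Three linked 2-d projections (x-y, x-z, y-z) of an (x, y, z) packet model."""
    xyz = [(p[x], p[y], p[z]) for p in points]
    return {"xy": [(a, b) for a, b, _ in xyz],
            "xz": [(a, c) for a, _, c in xyz],
            "yz": [(b, c) for _, b, c in xyz]}

def _tcp_frame(ttl, sport, dport, flags, window):
    """Constructed Ethernet/IPv4/TCP frame with no payload (sample input, not a real capture)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, window, 0, 0)
    return eth + ip + tcp

def sample_pcap():
    """Constructed libpcap file: three SYNs to port 80 and two SYNs to port 445."""
    frames = [_tcp_frame(64, 40000 + i, 80, 0x02, 65535) for i in range(3)]
    frames += [_tcp_frame(128, 1025 + i, 445, 0x02, 8192) for i in range(2)]
    records = b"".join(struct.pack("<IIII", 1052795000 + i, 0, len(f), len(f)) + f
                       for i, f in enumerate(frames))
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + records
```

Calling `project(list(parse_pcap(sample_pcap())), "ip.ttl", "tcp.dport", "tcp.window")` gives the three point lists a plotting front end would draw; swapping in any other key from the yielded dict changes the axes without touching the parser.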

