[Bro] Data Visualization

jean-philippe luiggi jean-philippe.luiggi at didconcept.com
Sat Mar 7 14:15:29 PST 2009


Hello Everybody,

I did a (simple) Perl script in order to use Bro with "Picviz". This tool is a parallel coordinates
plotter, which helps to visualize your data using parallel coordinates plots
(http://en.wikipedia.org/wiki/Parallel_coordinates).

Here are the parameters I plot: time, src_ip, src_port, src_bytes,
dst_ip, dst_port, receive_bytes, duration, state.

The states are the same ones Bro reports:
"S0,S1,SF,REJ,S2,S3,RSTO,RSTR,RSTOS0,RSTRH,SH,SHR,OTH". I plot them using 3 groups of colors:

"S0,S1,S2,S3, REJ,RSTO,RSTR" as "blue"
"SF" as "green"
"RSTOS0,RSTRH,SH,SHR,OTH" as "red"

Using parallel coordinates plots is a very useful way to see what's
happening, so happy "Picvizing" :-)

You'll find the files I use at http://www.rootshell.be/~jpli/picviz
and "Picviz" is available at http://www.wallinfire.net/picviz

With regards,

Jean-Philippe.
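
The field list and state-to-color grouping described in this message, as an added Python example that is not the author's Perl script: it turns connection records into Picviz PCV text with one colored line per connection. It assumes whitespace-separated records with the nine fields in the order the message lists (not necessarily Bro's own conn.log column order), "?" for unknown counts, and PCV axis type names that should be checked against the Picviz documentation.

```python
# Added example: connection records -> Picviz PCV text, coloured by Bro state.
# The colour groups are exactly the three listed in the message.
COLOR_GROUPS = {
    "blue": "S0,S1,S2,S3,REJ,RSTO,RSTR",
    "green": "SF",
    "red": "RSTOS0,RSTRH,SH,SHR,OTH",
}
STATE_COLOR = {s: c for c, states in COLOR_GROUPS.items() for s in states.split(",")}

# Axis order follows the message; the PCV axis types are assumptions.
AXES = [("time", "string"), ("src_ip", "ipv4"), ("src_port", "integer"),
        ("src_bytes", "integer"), ("dst_ip", "ipv4"), ("dst_port", "integer"),
        ("receive_bytes", "integer"), ("duration", "string"), ("state", "string")]

def record_to_pcv(line):
    """Return one PCV data line, or None for a malformed or unknown-state record."""
    fields = line.split()
    # Reject short/long records and values that would break PCV quoting.
    if len(fields) != len(AXES) or any('"' in f for f in fields):
        return None
    color = STATE_COLOR.get(fields[-1])
    if color is None:
        return None
    # Assumption: "?" marks an unknown count; plot it as 0 on integer axes.
    vals = ["0" if v == "?" and t == "integer" else v
            for v, (_, t) in zip(fields, AXES)]
    pairs = ", ".join(f'{name}="{v}"' for (name, _), v in zip(AXES, vals))
    return f'    {pairs} [color="{color}"];'

def to_pcv(lines, title="Bro connections"):
    """Build a PCV document (header, axes, data sections) from records."""
    rows = [r for r in map(record_to_pcv, lines) if r]
    axes = [f'    {t} {name} [label="{name}"];' for name, t in AXES]
    return "\n".join(["header {", f'    title = "{title}";', "}",
                      "axes {", *axes, "}", "data {", *rows, "}"]) + "\n"

# Constructed sample records (not real traffic): one per colour group, plus
# one with an unknown state that must be dropped.
SAMPLE = [
    "1236464129.10 192.0.2.10 51234 0 198.51.100.5 22 0 ? S0",
    "1236464130.25 192.0.2.10 51300 512 198.51.100.5 80 20480 1.52 SF",
    "1236464131.40 203.0.113.7 40000 ? 192.0.2.10 445 ? ? SHR",
    "1236464132.00 192.0.2.10 51301 0 198.51.100.5 80 0 0.01 BOGUS",
]

if __name__ == "__main__":
    print(to_pcv(SAMPLE), end="")
```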


