Network Security Focus-IDS

Re: Tools to Visualize Security Data

Subject: Re: Tools to Visualize Security Data
Date: Sun, 11 Dec 2005 02:29:48 -0500
> I am trying to collect a list of tools and methods that people are using
> to visualize security data. What tools are people using? Anything? Or is
> everyone still working with textual representations?

I think I ran into you at BlackHat & DefCon this year, didn't I? I had some ideas about plotting binary data in skinny graphs, y-axis being the ASCII value of the byte (0-255) and x-axis being the offset inside the packet/datagram/whatever (could be any data source for that matter, multiple files, etc.). Silly and simple idea, did it in Python with pychart.


Turned out to be a lot more interesting and a lot less practical than I thought ;) There's a lot to look at, the way the delimiters stick out, the different patterns between text, binary, different forms of compression and encoding, etc. I had built a little shell around it that you could use to construct packets and probe/tickle multiple targets in parallel.

However, once I saw scapy I realized someone had done most of the work already, and done it better. Just need to figure out how to do the plotting with it, if someone hasn't done it already. Also would like to add an option to plot only the deltas. Other ideas include adding a 3rd dimension to the graph (time), do it up like a waterfall plot. You're dealing with potentially massive amounts of data, capture everything to a database so you can do more in depth stuff later. Who knows.

> Has anyone used afterglow (afterglow.sourceforge.net) and has come up with
> some neat ways of visualizing data? Maybe some really cool way of
> representing a certain type of log file?

I'm not familiar with that bit of software, but I will certainly take a look into it now :) Thanks for the tip.


Cheers,
Byron
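
The byte-value-versus-offset plot, the "deltas only" option and the time-as-third-dimension waterfall described in the message above, as an added stand-alone example (not Byron's pychart code, and not part of the original thread). It uses only the Python standard library and renders text plots instead of images; the packets are constructed sample data.

```python
"""Byte-value-vs-offset plots of packet payloads, stdlib only (added example)."""
from typing import List, Tuple

# Constructed sample capture: a text-protocol exchange followed by binary bytes.
SAMPLE_PACKETS = [
    b"GET / HTTP/1.0\r\nHost: example\r\n\r\n",
    b"HTTP/1.0 200 OK\r\n\r\n" + bytes(range(0, 256, 8)),
    bytes(range(255, -1, -16)) * 2,
]

DENSITY = " .:-=+*#%@"  # one glyph per value band, low bytes to high

def byte_series(data: bytes) -> List[Tuple[int, int]]:
    """(x, y) points: x = offset in the packet, y = byte value 0..255."""
    return list(enumerate(data))

def delta_series(data: bytes) -> List[Tuple[int, int]]:
    """(offset, value[i] - value[i-1]): the 'plot only the deltas' variant.
    Runs of similar bytes flatten to ~0; delimiters such as CR/LF become spikes."""
    return [(i, data[i] - data[i - 1]) for i in range(1, len(data))]

def render_skinny_graph(data: bytes, height: int = 8, width: int = 64) -> str:
    """Text stand-in for the pychart plot: one column per offset, rows are
    value bands of 256/height, highest band on top."""
    data = data[:width]
    band = 256 // height
    rows = []
    for row in range(height - 1, -1, -1):
        lo, hi = row * band, (row + 1) * band - 1
        rows.append(f"{hi:3d} |" + "".join("#" if lo <= b <= hi else " " for b in data))
    rows.append("    +" + "-" * len(data))
    return "\n".join(rows)

def waterfall(packets: List[bytes], width: int = 64) -> str:
    """Third dimension (time): one line per packet in capture order, each
    column an offset, the glyph encoding that byte's value band."""
    lines = []
    for n, pkt in enumerate(packets):
        glyphs = "".join(DENSITY[b * len(DENSITY) // 256] for b in pkt[:width])
        lines.append(f"{n:3d} {glyphs}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_skinny_graph(SAMPLE_PACKETS[0]))
    print(delta_series(SAMPLE_PACKETS[0])[:16])
    print(waterfall(SAMPLE_PACKETS))
```

In the first packet the CR/LF delimiters drop well below the printable-ASCII band, which is the "delimiters stick out" effect; the third packet's sawtooth is what a regular binary structure looks like against text.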
