March 20, 2006

AfterGlow 1.5

Category: Visualization — Raffael Marty @ 6:52 pm

Another release of AfterGlow. It’s mainly a feature release where I introduce fan-out filtering. I also fixed some minor bugs around property file parsing and some error messages. Nothing major.

The fan-out filtering is really cool. So far you could only filter based on node counts. Saying for example you wanted to eliminate all the nodes which had a count of 5 or less. Now you can say you want to filter out all the nodes which have a fan out (outgoing neighbors) of 4 or less. This way you can for example identify scans, as here:

Fan Out Filtering

This was generated with: -c -p 1 -d -o 7 -g 8

Where -g is the filter for the fan-outs. The graph clearly shows that some external machines were scanning all the internal machines on one and the same port.

I am still waiting for people to send me their graphs!!

No Comments »

No comments yet.

RSS feed for comments on this post. | TrackBack URI

Leave a comment

XHTML ( You can use these tags): <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> .