Another release of AfterGlow. It’s mainly a feature release where I introduce fan-out filtering. I also fixed some minor bugs around property file parsing and some error messages. Nothing major.
The fan-out filtering is really cool. So far you could only filter based on node counts. Saying for example you wanted to eliminate all the nodes which had a count of 5 or less. Now you can say you want to filter out all the nodes which have a fan out (outgoing neighbors) of 4 or less. This way you can for example identify scans, as here:
This was generated with:
afterglow.pl -c color.properties -p 1 -d -o 7 -g 8
Where -g is the filter for the fan-outs. The graph clearly shows that some external machines were scanning all the internal machines on one and the same port.
I am still waiting for people to send me their graphs!!