[SecViz] Source / Destination Confusion
Raffael Marty
rmarty at splunk.com
Mon Mar 30 12:31:43 EDT 2009
Jan, thanks for posting the portscan example in R on secviz.org: http://www.secviz.org/content/nmap-scanning-behavior-visualized-r-project
Nice graphs and a great method to create quick graphs. In your example,
aren't you running into the source/destination confusion? I think you
are. What I found to be a good solution is to either throw the pcaps
into argus and use racluster to stitch them together based on their
flow, or use tcpflow to do that.
Cheers
Raffael
--
Raffael Marty @zrlram
Chief Security Strategist @ Splunk>
Security Visualization: http://secviz.org raffy.ch/blog
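
Added example, not part of the original message and not code from argus, racluster or tcpflow: a simplified Python sketch of why per-packet data causes source/destination confusion (reply packets list the scanned host as the source) and how stitching packets into flows restores a consistent scanner-to-target direction. The packet records, field layout and function names are constructed for illustration, and the port-based fallback is an assumed heuristic.

```python
# Constructed sample: per-packet records (src, sport, dst, dport, tcp_flags).
# 10.0.0.5 scans 10.0.0.9; the replies have source and destination swapped.
PACKETS = [
    ("10.0.0.5", 40001, "10.0.0.9", 22, "S"),
    ("10.0.0.9", 22, "10.0.0.5", 40001, "SA"),
    ("10.0.0.5", 40001, "10.0.0.9", 22, "R"),
    ("10.0.0.5", 40002, "10.0.0.9", 23, "S"),
    ("10.0.0.9", 23, "10.0.0.5", 40002, "RA"),
    # Capture started mid-connection: the first packet seen is a server reply.
    ("10.0.0.9", 80, "10.0.0.7", 51000, "PA"),
    ("10.0.0.7", 51000, "10.0.0.9", 80, "A"),
]

def naive_edges(packets):
    """Per-packet view: every packet becomes a src -> dst edge."""
    return sorted({(s, d) for s, _, d, _, _ in packets})

def stitch_flows(packets):
    """Merge both directions of a conversation and orient it client -> server."""
    flows = {}
    for src, sport, dst, dport, flags in packets:
        a, b = (src, sport), (dst, dport)
        key = (min(a, b), max(a, b))  # direction-independent flow key
        flow = flows.setdefault(key, {"first": (a, b), "client": None, "packets": 0})
        flow["packets"] += 1
        # A bare SYN (no ACK) identifies the side that opened the connection.
        if flow["client"] is None and "S" in flags and "A" not in flags:
            flow["client"] = (a, b)
    oriented = []
    for flow in flows.values():
        if flow["client"]:
            c, s = flow["client"]
        else:
            # No SYN seen: assume the endpoint with the lower port is the service.
            x, y = flow["first"]
            c, s = (x, y) if x[1] > y[1] else (y, x)
        oriented.append((c[0], s[0], s[1], flow["packets"]))
    return oriented

if __name__ == "__main__":
    print("per-packet edges:", naive_edges(PACKETS))
    for client, server, port, count in stitch_flows(PACKETS):
        print(f"{client} -> {server}:{port} ({count} packets)")
```

Plotting the per-packet edges shows 10.0.0.9 as a source talking to its own clients; the stitched flows keep it on the destination axis only.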