Hello Seth,

I am currently using 2 GUI tools, NSM (Advanced Analytics, $10k) and etherape (gnu). I am also writing a realtime trending tool (Perl CGI), which grabs its data from a Dragon EFP; I suppose one could use snort or others (ready in 2 months); this will go to public (gnu). I found SourceForge and apt-get/yum repositories full of new toys, almost every day.

Again, what kind of graphs are you looking for? What is your data source? For a quick solution, if I can dump the data in a simple text table (forgive me, father), MS Excel can produce decent graphs.

Adam Bakir
Consultant InfoSec COE
CGI Information Systems and Management Consultants Inc.
1410 Blair Place, fourth floor
Ottawa, ON, K1J 9B9
Phone: (613)740-5900 x5495
Fax: (613)740-5918

-----Original Message-----
From: loganalysis-bounces+adam.bakir=cgi.com@private [mailto:loganalysis-bounces+adam.bakir=cgi.com@private] On Behalf Of Jess Garcia
Sent: Thursday, August 04, 2005 8:20 PM
To: Seth Leone
Cc: loganalysis@private
Subject: [logs] Re: Looking to graphically map ip conversations

Hi Seth,

I don't know what kind of graphing you want to do, but etherape graphically displays the traffic exchanged between hosts using different colors for different protocols as well as the amount of traffic being exchanged at each moment. It can take its input from a pcap file (assuming that "dead log files" means pcap file captures):

http://etherape.sourceforge.net

Additionally, there was a talk in the last Black Hat conference by Greg Conti, "Beyond Ethereal: Crafting A Tivo for Security Datastreams", where he presented rumint, a graphical tool for analyzing traffic (although I don't know if this one goes in the direction of what you are looking for):

http://www.rumint.org/software.html

I haven't had the time to play with it yet though.

JESS
-----------------------
http://www.jessland.net
-----------------------

Seth Leone wrote:
> Hi,
>
> I am looking for any pointers to open source or commercial software that can graphically map ip conversations via "dead" log files [not live traffic!].
>
> Products I already know of: visio (more manual than i would like *grin*), silentrunner (aka now net Forensics, i think) and the netboy suite (not available).
>
> Thanks,
>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis@private
> http://lists.shmoo.com/mailman/listinfo/loganalysis
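The thread asks how to turn "dead" log files into a picture of which hosts talked to which, and Adam's fallback is a plain text table fed to a spreadsheet. The script below is an added example, not code from any of the posters or from etherape, rumint or Dragon: it assumes a simple whitespace-separated flow export (timestamp, source IP, destination IP, protocol, bytes; a constructed sample is embedded), folds both directions of each host pair into one conversation, and emits both a tab-separated table for a spreadsheet chart and a Graphviz DOT graph with edge width scaled by volume. Only parse_flows() would need changing for a real export format.

```python
"""Aggregate IP conversations from a flow log and emit a Graphviz DOT graph.

Added example (not from the LogAnalysis thread). It assumes a simple
text flow export with one record per line:
    <timestamp> <src_ip> <dst_ip> <proto> <bytes>
Real tools (Dragon, snort, pcap exporters) use their own formats, so
parse_flows() is the only function you would adapt.
"""
from collections import Counter, defaultdict

# Constructed sample flow records (not real traffic).
SAMPLE_LOG = """\
2005-08-04T20:00:01 10.0.0.5 192.168.1.10 tcp 1500
2005-08-04T20:00:02 192.168.1.10 10.0.0.5 tcp 6200
2005-08-04T20:00:03 10.0.0.5 192.168.1.20 udp 300
2005-08-04T20:00:04 10.0.0.7 192.168.1.10 tcp 800
# comment lines and blank lines are ignored

2005-08-04T20:00:05 10.0.0.7 192.168.1.10 icmp 64
this line is malformed and skipped
"""


def parse_flows(text):
    """Parse flow records; skip blanks, comments and malformed lines."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, proto, nbytes = parts
        try:
            nbytes = int(nbytes)
        except ValueError:
            continue
        flows.append({"ts": ts, "src": src, "dst": dst,
                      "proto": proto.lower(), "bytes": nbytes})
    return flows


def aggregate_conversations(flows):
    """Fold flows into undirected host pairs: total bytes and protocol mix.

    Keys are sorted (a, b) tuples so both directions of a session land
    in one entry, which is what a "conversation" view wants.
    """
    conv = defaultdict(lambda: {"bytes": 0, "flows": 0, "protos": Counter()})
    for f in flows:
        key = tuple(sorted((f["src"], f["dst"])))
        entry = conv[key]
        entry["bytes"] += f["bytes"]
        entry["flows"] += 1
        entry["protos"][f["proto"]] += f["bytes"]
    return dict(conv)


def to_tsv(conv):
    """Tab-separated table (busiest pair first), ready for a spreadsheet chart."""
    rows = ["host_a\thost_b\tflows\tbytes\tprotocols"]
    for (a, b), e in sorted(conv.items(), key=lambda kv: -kv[1]["bytes"]):
        protos = ",".join(f"{p}:{n}" for p, n in e["protos"].most_common())
        rows.append(f"{a}\t{b}\t{e['flows']}\t{e['bytes']}\t{protos}")
    return "\n".join(rows)


def to_dot(conv):
    """Graphviz DOT: one node per host, edge width scaled by bytes exchanged."""
    max_bytes = max((e["bytes"] for e in conv.values()), default=1)
    lines = ["graph conversations {", "  node [shape=box];"]
    for (a, b), e in sorted(conv.items()):
        width = 1 + 4 * e["bytes"] / max_bytes
        label = ", ".join(f"{p} {n}B" for p, n in e["protos"].most_common())
        lines.append(f'  "{a}" -- "{b}" [label="{label}", penwidth={width:.1f}];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    convs = aggregate_conversations(parse_flows(SAMPLE_LOG))
    print(to_tsv(convs))
    print(to_dot(convs))  # pipe into: dot -Tpng -o conversations.png
```

Run it and redirect the DOT output to `dot -Tpng` to get the picture; the undirected key is the design choice that matters, since per-direction rows would show the same session twice and double the apparent number of conversations.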
This archive was generated by hypermail 2.1.3 : Mon Aug 08 2005 - 15:30:47 PDT