With regards to the last posts about IP to geo-location mappings, Jess mentioned a couple of tools to do visual analysis of network traffic. I presented at DefCon last Sunday and released a tool called AfterGlow, which you can use to graph log files.

The tool is at: http://afterglow.sourceforge.net and the presentation is available via my Web page: http://security.raffy.ch/projects/vis/marty_eventgraphs_defcon05.ppt

If you have any troubles or questions, please let me know. Also, if you should generate some cool graphs, I'd love to get a copy!

Thanks

-raffy

PS: If you should ever have to parse tcpdump output, afterglow contains a script: tcpdump2csv.pl which you can use to parse tcpdump output. It will take care of swapping sources and targets for the responses...

--
Raffael Marty, GCIA, CISSP raffy@private
Senior Security Engineer http://security.raffy.ch
PGP: 0x4E0F59A9 3000 D9E8 4442 211D 1523 6C96 6818 90EA

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis

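
The source/target swap mentioned in the PS, as an added Python example that is not part of the original post and is not AfterGlow's tcpdump2csv.pl. It assumes `tcpdump -n` style IPv4 lines and a simple heuristic (the first packet seen for a flow marks the client, unless that packet is a SYN-ACK); the function names and sample lines are constructed for illustration.

```python
import re

# Matches "<time> IP <src>.<sport> > <dst>.<dport>: <rest>" as printed by `tcpdump -n`.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<rest>.*)$"
)
FLAGS_RE = re.compile(r"Flags \[([^\]]*)\]")

def tcpdump_to_rows(lines):
    """Return one (client_ip, server_ip, server_port) row per parsed packet.

    Responses are swapped so the initiating host is always the source column.
    Assumed heuristic: the first packet of a flow comes from the client, unless
    it is a SYN-ACK (capture started mid-handshake), whose sender is the server.
    """
    initiators = {}  # {endpoint pair} -> (ip, port) of the initiating side
    rows = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ARP, IPv6, or anything else this sketch does not parse
        a = (m["src"], int(m["sport"]))
        b = (m["dst"], int(m["dport"]))
        key = frozenset((a, b))
        if key not in initiators:
            flags = FLAGS_RE.search(m["rest"])
            synack = bool(flags) and "S" in flags.group(1) and "." in flags.group(1)
            initiators[key] = b if synack else a
        client = initiators[key]
        server = b if client == a else a
        rows.append((client[0], server[0], server[1]))
    return rows

def to_csv(rows):
    """Render rows as source,target,port CSV text, one line per packet."""
    return "\n".join(f"{src},{dst},{port}" for src, dst, port in rows)

# Constructed sample capture (not real traffic).
SAMPLE = [
    "15:31:07.000001 IP 10.0.0.5.51234 > 192.168.1.10.80: Flags [S], seq 100, win 65535, length 0",
    "15:31:07.000420 IP 192.168.1.10.80 > 10.0.0.5.51234: Flags [S.], seq 900, ack 101, win 65535, length 0",
    "15:31:07.000800 IP 10.0.0.5.51234 > 192.168.1.10.80: Flags [.], ack 901, win 65535, length 0",
    "15:31:08.100000 IP 192.168.1.10.22 > 10.0.0.7.40022: Flags [S.], seq 5, ack 6, win 65535, length 0",
    "15:31:09.000000 IP 10.0.0.5.5353 > 10.0.0.9.53: UDP, length 32",
    "15:31:09.200000 ARP, Request who-has 10.0.0.1 tell 10.0.0.5, length 28",
]

if __name__ == "__main__":
    print(to_csv(tcpdump_to_rows(SAMPLE)))
```

Without the swap, the SYN-ACK in the second sample line would graph the web server as a client connecting to port 51234, which clutters the picture with an edge for every ephemeral port.
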
This archive was generated by hypermail 2.1.3 : Mon Aug 08 2005 - 15:31:07 PDT