netoskop: Visualization of IP packets found on a network.
Plot of the ip_id and
ip_checksum fields of IP packets. Blue denotes ICMP, red denotes UDP,
green denotes TCP. Upon experimenting with different fields, I noticed
some were meaningful. Different operating systems leave different
kinds of visual trails. Different events cause different clusters. For
example, DNS requests form a vertical trail. There are other meaningful
plots. Plotting ip_ttl is especially interesting. Data is captured
using Snort, then scaled in a database, then visualized with Processing.
Here is timeVis, a newer data visualization project.
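
The field extraction and scaling behind such a plot, as an added example that is not netoskop's own code: it reads ip_id, ip_checksum and ip_ttl from raw IPv4 headers, checks the header checksum, and maps two chosen fields to canvas pixels with the colour legend above. It is written in Python rather than the Snort, database and Processing pipeline the page describes; the function names, the 800x600 canvas and the sample headers are assumptions constructed for illustration.

```python
import struct

COLOURS = {1: "blue", 17: "red", 6: "green"}   # ICMP, UDP, TCP, as in the page's legend
FIELD_MAX = {"ip_id": 0xFFFF, "ip_checksum": 0xFFFF, "ip_ttl": 0xFF}

def ip_checksum(header: bytes) -> int:
    """RFC 1071 checksum of an IPv4 header, computed with the checksum field zeroed."""
    data = header[:10] + b"\x00\x00" + header[12:]
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(ip_id, ttl, proto, src, dst):
    """Build a 20-byte IPv4 header with a valid checksum (used for sample input only)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, ip_id, 0, ttl, proto, 0,
                      bytes(src), bytes(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]

def parse_header(packet: bytes):
    """Return the plotted fields, or None if this is not a complete IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return None
    ip_id, = struct.unpack("!H", packet[4:6])
    ttl, proto, csum = struct.unpack("!BBH", packet[8:12])
    return {"ip_id": ip_id, "ip_ttl": ttl, "proto": proto, "ip_checksum": csum,
            "checksum_ok": ip_checksum(packet[:ihl]) == csum}

def to_point(fields, x="ip_id", y="ip_checksum", width=800, height=600):
    """Scale two header fields to pixel coordinates and pick the protocol colour."""
    px = fields[x] * (width - 1) // FIELD_MAX[x]
    py = fields[y] * (height - 1) // FIELD_MAX[y]
    return px, py, COLOURS.get(fields["proto"], "grey")

# Constructed sample headers (addresses from the RFC 5737 documentation range).
SAMPLE = [
    build_header(0x1234, 128, 6, (192, 0, 2, 10), (192, 0, 2, 1)),    # TCP
    build_header(0x1235, 64, 17, (192, 0, 2, 11), (192, 0, 2, 53)),   # UDP
    build_header(0xBEEF, 255, 1, (192, 0, 2, 12), (192, 0, 2, 1)),    # ICMP
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        f = parse_header(pkt)
        print(f, to_point(f), to_point(f, y="ip_ttl"))
```

Passing `y="ip_ttl"` gives the coordinates for the TTL plot mentioned above; headers whose `checksum_ok` is false can be dropped or drawn separately before plotting.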