netoskop: Visualization of IP packets found on a network.

Plot of the ip_id and ip_checksum fields of IP packets. Blue denotes ICMP, red denotes UDP, and green denotes TCP. Upon experimenting with different fields, I noticed some were meaningful. Different operating systems leave different kinds of visual trails. Different events cause different clusters. For example, DNS requests form a vertical trail. There are other meaningful plots. Plotting ip_ttl is especially interesting. Data is captured using Snort, then scaled in a database, then visualized with Processing.
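The field extraction and scaling behind such a plot, as an added Python example (not netoskop's own code, which uses Snort, a database and Processing). The function names, the 800x600 canvas and the gray fallback color are assumptions, and the headers are constructed sample data.

```python
import struct

# Color key from the page: blue = ICMP, red = UDP, green = TCP.
PROTO_COLORS = {1: "blue", 17: "red", 6: "green"}

def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum over 16-bit big-endian words (even-length input)."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(ip_id, ttl, proto, src, dst, total_len=40):
    """Constructed sample data: a 20-byte IPv4 header with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ip_id, 0,
                      ttl, proto, 0, bytes(src), bytes(dst))
    return hdr[:10] + struct.pack("!H", ones_complement_sum(hdr)) + hdr[12:]

def parse_header(raw: bytes) -> dict:
    """Extract the fields the plots use; reject truncated or non-IPv4 input."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, ip_id, _, ttl, proto, csum = struct.unpack("!BBHHHBBH", raw[:12])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    return {"ip_id": ip_id, "ip_checksum": csum, "ip_ttl": ttl, "proto": proto,
            # Summing a header that includes its own checksum must yield 0.
            "checksum_ok": ones_complement_sum(raw[:ihl]) == 0}

def to_point(fields, width=800, height=600):
    """Scale the two 16-bit fields onto the canvas and pick the color."""
    x = fields["ip_id"] * (width - 1) // 0xFFFF
    y = fields["ip_checksum"] * (height - 1) // 0xFFFF
    return x, y, PROTO_COLORS.get(fields["proto"], "gray")

if __name__ == "__main__":
    samples = [build_header(0x1234, 64, 17, (10, 0, 0, 1), (10, 0, 0, 2)),
               build_header(0x1235, 128, 6, (10, 0, 0, 3), (10, 0, 0, 2)),
               build_header(0xBEEF, 255, 1, (10, 0, 0, 4), (10, 0, 0, 2))]
    for raw in samples:
        f = parse_header(raw)
        print(to_point(f), "ttl=%d" % f["ip_ttl"], "ok" if f["checksum_ok"] else "bad")
```

Swapping `ip_checksum` for `ip_ttl` in `to_point` (scaled against 255 rather than 0xFFFF) gives the TTL plot the description mentions.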

By Can Altineller <altineller_at_gmail_dot_com>
Built with Processing.