argus to picviz "Parallel Coordinates"

CS Lee geek00l at gmail.com
Tue Apr 14 02:57:05 EDT 2009


Hi Oguz,

I'm working with Sebastien to get things sorted out for better graphing.
There are a few solutions to this:

1. Use "relative" for the variable you want to plot; that will make it less
cluttered.

2. Use filters. picviz offers filters, so you can filter out only the flow
that you want.

3. Axis turn on/off. Since each axis represents a single flow field in the flow
properties, you can just tell picviz to show the flow fields you want,
e.g., if you just want saddr, daddr and dport, you can do it with picviz since
the other axes can be turned on or off. However, this feature is only in svn,
or, if you can wait, picviz 0.6.

4. Click to highlight the link in parallel coordinates. This is a new feature
request and Sebastien will implement it soon, only for picviz-gui, so you can
navigate the link easily when it is highlighted.

There are other features that are going into the picviz source, e.g., layering;
however, those features will all be revealed only if you are using picviz from
svn, or wait for 0.6.

I suppose this is off topic for the mailing list here, but since you ask,
the reason I'm using picviz for argus flows is because I can quickly see the
pattern from argus flows and plot any flow fields I want quickly.

Cheers.




On Tue, Apr 14, 2009 at 2:26 PM, Oguz Yarimtepe <comp.ogz at gmail.com> wrote:

> On Tue, 2009-03-17 at 01:58 +0800, CS Lee wrote:
> >
> http://www.usenix.org/events/wasl08/tech/full_papers/tricaud/tricaud_html/
>
> I found the site and the method very informative, but reading the result
> graph images seems hard if there are many close values on the graph.
> For example, in your attachment the DstAddr and DstBytes parts are really
> hard to read. There should be a more readable way of creating graphs from
> argus flows. Maybe a 3D way will be better. Any solution for that?
>
>


-- 
Best Regards,

CS Lee<geek00L[at]gmail.com>

http://geek00l.blogspot.com
http://defcraft.net