Linux Magazine
 

Tools for visualizing IDS output

The flood of raw data generated by intrusion detection systems (IDS) is often overwhelming for security specialists, and telltale signs of intrusion are sometimes overlooked in all the noise. Security visualization tools provide an easy, intuitive means for sorting through the dizzying data and spotting patterns that might indicate intrusion.

Certain analysis and detection tools use PCAP, the Packet Capture library, to capture traffic. Several PCAP-enabled applications are capable of saving the data collected during a listening session into a PCAP file, which is then read and analyzed with other tools. PCAP files offer a convenient means for preserving and replaying intrusion data.
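To make the file format concrete, here is a minimal reader for the classic libpcap container the paragraph describes. This is an added example, not code from the article, from Snort, or from any of the visualization tools it goes on to cover; it constructs a three-frame capture in memory (the frames, addresses and timestamps are made up for the demonstration) rather than reading one of the article's PCAPs. It goes slightly beyond the text by handling both byte orders of the magic number and rejecting truncated records, the two things a hand-written reader most often gets wrong, and it ends with a per-destination-port count, which is the kind of aggregate a visualizer plots.

```python
"""Minimal libpcap-format reader (added example; not the article's code)."""
import struct
from collections import Counter

PCAP_MAGIC_LE = 0xA1B2C3D4      # microsecond-resolution pcap, little-endian on disk
PCAP_MAGIC_BE = 0xD4C3B2A1      # same magic seen when the file is big-endian
LINKTYPE_ETHERNET = 1


def build_sample_pcap():
    """Construct a small pcap file in memory (constructed sample data, not a real capture).

    Three Ethernet/IPv4/TCP SYN frames from one host: two to port 22, one to port 80.
    """
    def frame(src_ip, dst_ip, sport, dport):
        eth = b"\x00" * 6 + b"\x11" * 6 + b"\x08\x00"          # dst MAC, src MAC, type=IPv4
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0,     # ports, seq, ack
                          5 << 4, 0x02, 8192, 0, 0)             # data offset, SYN, window, csum, urg
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         bytes(map(int, src_ip.split("."))),
                         bytes(map(int, dst_ip.split("."))))
        return eth + ip + tcp

    frames = [
        (1700000000, 0, frame("10.0.0.5", "10.0.0.1", 40000, 22)),
        (1700000000, 500, frame("10.0.0.5", "10.0.0.1", 40001, 80)),
        (1700000001, 0, frame("10.0.0.5", "10.0.0.1", 40002, 22)),
    ]
    # Global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype (24 bytes)
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts_sec, ts_usec, data in frames:
        # Record header: ts_sec, ts_usec, incl_len, orig_len (16 bytes), then the frame
        out += struct.pack("<IIII", ts_sec, ts_usec, len(data), len(data)) + data
    return out


def read_pcap(blob):
    """Yield (timestamp, frame_bytes) per record, honouring the byte order the magic implies."""
    if len(blob) < 24:
        raise ValueError("truncated global header")
    magic = struct.unpack("<I", blob[:4])[0]
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError(f"not a pcap file (magic {magic:#x})")
    _, major, _, _, _, snaplen, linktype = struct.unpack(endian + "IHHiIII", blob[:24])
    if major != 2 or linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported pcap version {major} or link type {linktype}")
    offset = 24
    while offset < len(blob):
        if len(blob) - offset < 16:
            raise ValueError("truncated record header")
        ts_sec, ts_usec, incl_len, _ = struct.unpack(endian + "IIII", blob[offset:offset + 16])
        offset += 16
        if incl_len > snaplen or len(blob) - offset < incl_len:
            raise ValueError("record length exceeds snaplen or end of file")
        yield ts_sec + ts_usec / 1e6, blob[offset:offset + incl_len]
        offset += incl_len


def decode_tcp_flow(pkt):
    """Return (src_ip, dst_ip, sport, dport) for an Ethernet/IPv4/TCP frame, else None."""
    if len(pkt) < 14 or pkt[12:14] != b"\x08\x00":     # not IPv4
        return None
    ip = pkt[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4                            # header length in bytes
    if ip[9] != 6 or len(ip) < ihl + 4:                 # protocol 6 = TCP
        return None
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return src, dst, sport, dport


def dst_port_histogram(blob):
    """Count TCP destination ports across the capture: a typical input for a visualizer."""
    counts = Counter()
    for _, pkt in read_pcap(blob):
        flow = decode_tcp_flow(pkt)
        if flow:
            counts[flow[3]] += 1
    return counts


if __name__ == "__main__":
    for port, n in sorted(dst_port_histogram(build_sample_pcap()).items()):
        print(f"dst port {port}: {n} packet(s)")
```

Only the magic number and the global header are byte-order sensitive; the Ethernet, IP and TCP headers inside each record are always network (big-endian) order, which is why the frame decoder uses `!` while the container reader uses the endianness derived from the magic. Real captures may use other link types (for example Linux cooked capture) and the nanosecond-resolution magic, which this reader deliberately rejects rather than misinterpret.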

In this article, I'll use PCAPs to explore a few popular free visualization tools. For each scenario, I'll show you how the attack looks to the Snort intrusion detection system [1], then I'll describe how the same incident would appear through a security visualization application.

[...]

Read full article as PDF »

Security_Visualization_Tools.pdf (472.97 kB)

Comments

  • Hosting PCAPs elsewhere

    In order to provide the PCAPs referred to in the article, I posted them here:
    http://holisticinfosec.org/toolsmith/files/pcap/
    Cheers.
  • Missing PCAP files

    Add a 2nd voice to the request for the missing PCAP files. Thanks.
  • Updated reference to the PCAPs in the Security Viz article

    Russ McRee's article, "Spot intruders with these easy security visualization tools" was a great read. However, the links to the referenced PCAPs don't appear to be in the archive. Could an updated pointer be posted, or could they be uploaded?

    Thanks!