Tools for visualizing IDS output

  • Russ McRee
  • Published 2009 (Linux Magazine / Linux Pro Magazine)

Abstract

The output of intrusion detection systems (IDS) is often overwhelming for security specialists, and the telltale signs of an intrusion are sometimes overlooked in all the noise. Security visualization tools provide an easy, intuitive means of sorting through the dizzying volume of data and spotting patterns that might indicate an intrusion.

Many analysis and detection tools use PCAP, the Packet Capture library, to capture traffic. Several PCAP-enabled applications can save the data collected during a listening session into a PCAP file, which other tools can then read and analyze. PCAP files therefore offer a convenient means of preserving and replaying intrusion data. In this article, I'll use PCAPs to explore a few popular free visualization tools. For each scenario, I'll show you how the attack looks to the Snort intrusion detection system [1], then I'll describe how the same incident appears in a security visualization application. The tools covered are NetGrok, AfterGlow, Rumint, TNV, and EtherApe.

Most of these tools are available through the DAVIX Live CD [2], a SLAX-based Linux distribution pre-loaded with several free analysis and visualization applications. The easiest way to explore the tools in this article is to download DAVIX. If you prefer to install these applications on your own Linux system, see the project websites for installation information. You'll find the PCAP files described in this article at the Linux Magazine/Linux Pro Magazine website [3].

The following discussion assumes you have a basic understanding of intrusion detection systems in general and Snort in particular. If you are new to Snort, see the Snort user's manual, which you will find at the Snort website [4]. Other excellent Snort tutorials are available online and in print (see the box titled Further Reading).

Spot intruders with these easy security visualization tools.

By Russ McRee
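The abstract describes the pipeline the article relies on: capture traffic to a PCAP file, then feed the same file to a visualization tool. The following is an added example, not code from the article or from any of the projects it names: a stand-alone Python parser for the classic libpcap file format (global header plus per-record headers, Ethernet link type only) that aggregates each frame into a src, service, dst edge and prints the edges as CSV in the three-column "source,event,target" layout that AfterGlow reads. Mapping the destination service onto the middle "event" column is my own choice; check the AfterGlow documentation for the column semantics your version expects. The sample capture (one host probing six ports on a server, a normal web client, and one ARP frame) is constructed in memory, so the script runs offline; the hosts, ports and MAC addresses are made up.

```python
"""Turn a libpcap capture into AfterGlow-style CSV edges (src,service,dst).

Added example for the "PCAP in, picture out" workflow described above. Only the
classic libpcap format with Ethernet frames is handled; pcapng and the
nanosecond-timestamp magic are rejected rather than silently misparsed.
"""
import socket
import struct
from collections import Counter
from typing import Iterator, Optional, Tuple

Edge = Tuple[str, str, str]  # (src_ip, dst_ip, "tcp/80", "udp/53", or "ip/<proto>")


def build_ethernet_ipv4_tcp(src: str, dst: str, sport: int, dport: int, flags: int = 0x02) -> bytes:
    """Build a minimal Ethernet/IPv4/TCP frame. Checksums are left as 0: this is
    constructed parser input, not traffic meant to be sent on a wire."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + tcp


def build_pcap(frames) -> bytes:
    """Write frames as a little-endian libpcap file, version 2.4, link type 1 (Ethernet)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    records = [struct.pack("<IIII", 1_600_000_000 + i, 0, len(f), len(f)) + f
               for i, f in enumerate(frames)]
    return header + b"".join(records)


def iter_pcap_frames(data: bytes) -> Iterator[bytes]:
    """Yield the captured bytes of each record; refuse truncated or foreign files."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == 0xA1B2C3D4:
        end = "<"                  # written on a little-endian host
    elif magic == 0xD4C3B2A1:
        end = ">"                  # written on a big-endian host
    else:
        raise ValueError("not a classic libpcap file (pcapng / nanosecond variants not handled)")
    linktype = struct.unpack_from(end + "I", data, 20)[0]
    if linktype != 1:
        raise ValueError(f"unsupported link type {linktype}; only Ethernet (1) is decoded")
    off = 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header")
        _, _, incl_len, _ = struct.unpack_from(end + "IIII", data, off)
        off += 16
        if off + incl_len > len(data):
            raise ValueError("truncated packet data (capture cut short?)")
        yield data[off:off + incl_len]
        off += incl_len


def decode_flow(frame: bytes) -> Optional[Edge]:
    """Reduce one Ethernet frame to an edge, or None for frames that are not IPv4."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None                # ARP, IPv6, VLAN-tagged, ...: nothing to graph here
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or len(frame) < 14 + ihl:
        return None                # malformed IP header: skip rather than crash
    proto = frame[23]
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    l4 = 14 + ihl
    if proto in (6, 17) and len(frame) >= l4 + 4:
        _, dport = struct.unpack_from("!HH", frame, l4)
        return src, dst, f"{'tcp' if proto == 6 else 'udp'}/{dport}"
    return src, dst, f"ip/{proto}"


def afterglow_edges(pcap: bytes) -> Counter:
    """Count (src, dst, service) edges over every IPv4 frame in the capture."""
    return Counter(e for e in map(decode_flow, iter_pcap_frames(pcap)) if e)


def to_afterglow_csv(edges: Counter) -> str:
    """Emit source,event,target rows, busiest edges first, deterministic order."""
    rows = sorted(edges.items(), key=lambda kv: (-kv[1], kv[0]))
    return "\n".join(f"{s},{svc},{d}" for (s, d, svc), _ in rows)


# Constructed sample: a scanner sweeping six ports, a client fetching a page twice, one ARP frame.
SCANNER, CLIENT, SERVER = "10.0.0.5", "10.0.0.7", "10.0.0.20"
SAMPLE_FRAMES = (
    [build_ethernet_ipv4_tcp(SCANNER, SERVER, 40000 + i, p) for i, p in enumerate((21, 22, 23, 25, 80, 443))]
    + [build_ethernet_ipv4_tcp(CLIENT, SERVER, 51000, 80), build_ethernet_ipv4_tcp(CLIENT, SERVER, 51001, 80)]
    + [bytes.fromhex("ffffffffffff" "001122334455" "0806") + bytes(28)]  # ARP request, skipped
)
SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES)

if __name__ == "__main__":
    print(to_afterglow_csv(afterglow_edges(SAMPLE_PCAP)))
```

Piped into `afterglow.pl` and then `neato`, the CSV above draws the fan-out of one source node to many port nodes that makes a port sweep obvious at a glance, which is the pattern the article goes on to show in the visualization tools. The parser deliberately raises on a truncated file instead of returning a partial edge list, because a silently shortened capture is exactly the kind of gap an analyst would otherwise read as "no more traffic".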


Cite this paper

@article{McRee2009ToolsFV, title={Tools for visualizing IDS output}, author={Russ McRee}, journal={Linux Magazine}, year={2009} }