The Shoki Packet Hustler Screenshots
Here are a few screenshots showing the packet hustler in action. Each
of the images below is a link to a full-size version. Some of the images
have some fuzziness due to compression (to keep the images to a manageable
size).
These images are just to show some of the basic look and feel of
hustler(1).
For more information about how to use it to do actual analysis, check
out the manual.
![[Image]](screen1_small.gif)
-
A plot of a very small dataset. The different colours represent the
different clusters (generated via radix clustering). Both the Source Port
and Destination Port axes are log axes in this image. Compare to the image
below.
![[Image]](screen1b_small.gif)
-
The same data as above, but with the Source Port and Destination Port
axes normal (not logarithmic). Source Port versus Destination Port plots
tend to hug the axis, clumping together for ports less than 1024 and then
spread out for higher-numbered ports. A log-log plot tends to give a better
feel for the distribution.
![[Image]](screen3_small.gif)
-
Just some random data. This one is here just to show the popup menus.
![[Image]](screen2_small.gif)
-
A plot of 2,177,565 packets. Just to show I can. According to top(1),
hustler(1) was using 624 MB when this screenshot was taken
(on a 2.8 GHz P4 with a gig of physical memory). Navigation within
hustler(1) was sluggish but usable.
![[Image]](screen4_small.gif)
-
A phase space plot of the IP ID data from the ./test/test_dump.gz
dumpfile provided with the shoki source. This plot uses the first order
differences method of delay coordinates.
![[Image]](screen4b_small.gif)
-
A phase space plot of the same data as above, using the straight delay
coordinate method.
[Shoki Homepage]
[shoki@meshuggeneh.net]
![[Image]](screen1.gif)
![[Image]](screen1b.gif)
![[Image]](screen3.gif)
![[Image]](screen2.gif)
![[Image]](screen4.gif)
![[Image]](screen4b.gif)