SHOKI

http://shoki.sourceforge.net/

shoki@meshuggeneh.net

The Shoki Packet Hustler Screenshots

Here are a few screenshots showing the packet hustler in action. Each of the images below is a link to a full-size version. Some of the images have some fuzziness due to compression (to keep the images to a manageable size).

These images are just to show some of the basic look and feel of hustler(1). For more information about how to use it to do actual analysis, check out the manual.

[Image]
A plot of a very small dataset. The different colours represent the different clusters (generated via radix clustering). Both the Source Port and Destination Port axes are log axes in this image. Compare to the image below.

[Image]
The same data as above, but with linear (not logarithmic) Source Port and Destination Port axes. Source Port versus Destination Port plots tend to hug the axis, clumping together for ports less than 1024 and then spreading out for higher-numbered ports. A log-log plot tends to give a better feel for the distribution.

[Image]
Just some random data. This one is here just to show the popup menus.

[Image]
A plot of 2,177,565 packets. Just to show I can. According to top(1), hustler(1) was using 624 MB when this screenshot was taken (on a 2.8 GHz P4 with a gig of physical memory). Navigation within hustler(1) was sluggish but usable.

[Image]
A phase space plot of the IP ID data from the ./test/test_dump.gz dumpfile provided with the shoki source. This plot uses the first-order differences method of delay coordinates.

[Image]
A phase space plot of the same data as above, using the straight delay coordinate method.
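
The two delay coordinate methods named in the captions above can be sketched as follows. This is an added example, not code from the shoki source; the three dimensions, the lag of one sample, the helper names and both sample ID sequences are assumptions constructed for illustration.

```python
# Added illustration, not Shoki source code. Three dimensions and a lag of
# one sample are assumptions; hustler(1) may use different parameters.
IPID_MOD = 1 << 16  # the IPv4 ID field is 16 bits wide


def straight_delay(series, dim=3, lag=1):
    """Straight delay coordinates: point t is (s[t], s[t-lag], s[t-2*lag], ...)."""
    start = (dim - 1) * lag
    return [tuple(series[t - k * lag] for k in range(dim))
            for t in range(start, len(series))]


def first_order_differences(series, modulus=IPID_MOD):
    """d[t] = s[t+1] - s[t], reduced modulo the field size so that a counter
    wrapping from 65535 to 0 yields a step of 1 rather than -65535."""
    return [(b - a) % modulus for a, b in zip(series, series[1:])]


def difference_delay(series, dim=3, lag=1):
    """Delay coordinates built from the first-order differences."""
    return straight_delay(first_order_differences(series), dim, lag)


def distinct_points(points):
    """Number of distinct locations the embedded points occupy."""
    return len(set(points))


def counter_ids(n, start=65530):
    """Constructed sample: a global counter incremented once per packet."""
    return [(start + i) % IPID_MOD for i in range(n)]


def lcg_ids(n, seed=1):
    """Constructed sample: IDs from a 16-bit LCG, standing in for a
    randomised ID generator (the constants are illustrative)."""
    out, x = [], seed
    for _ in range(n):
        x = (25173 * x + 13849) % IPID_MOD
        out.append(x)
    return out


if __name__ == "__main__":
    for name, ids in (("counter", counter_ids(200)), ("lcg", lcg_ids(200))):
        print(name,
              "straight:", distinct_points(straight_delay(ids)),
              "differences:", distinct_points(difference_delay(ids)))
```

A per-packet counter traces a line under straight delay coordinates and collapses to a single point under first-order differences, while the scattered IDs stay scattered in both.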

