
Computing, Volume 96, Issue 1, pp 79–80

PACKTER: implementation of internet traffic visualizer and extension for network forensics

  • Daisuke Miyamoto
  • Takuji Iimura
Article

Abstract

Traffic visualization tools help network operators maintain awareness of the status of a network, including anomalous activities. Unfortunately, the network operator may look away from the visualizer when beginning network forensics, for example to launch a terminal application, log into a server, and analyze log files. The operator's eyes thus leave the visualization screen even while valuable information is displayed. Our motivation is to make visualization tools usable as a network operation console. Whereas previous tools focused on outputting packet information, we herein extend the visualizer to accept input so that operators can start their operations from it. Since little software exists for this purpose, we develop PACKTER, which is able to visualize traffic based on per-packet information in real time. We also extend PACKTER with a function for negotiating with a network forensic system, which allows the operator to select an individual packet using a mouse, to start network forensics using a keyboard, and to receive results without looking away from the PACKTER viewer.

Keywords

Network forensic, IP traceback, Traffic visualization

Mathematics Subject Classification

68U35 


Copyright information

© Springer-Verlag Wien 2013

Authors and Affiliations

  1. Information Technology Center, The University of Tokyo / Project PACKTER, Tokyo, Japan
  2. Project PACKTER, Tokyo, Japan
