Anyone done any work with netflow and Gephi?

[bob_the_web]

Hi

I am new to Gephi (and data visualisation at this level) and I would like to experiment at looking at netflow data on Gephi.

The netflow data is roughly in the form:

datetime
srcIP
srcPort
dstIP
dstPort
octets
packets

Can someone guide me on how I process the data to try some visualisation?

Initially I would like srcIP <-> dstIP, with 'weight' being packets (or maybe octets)

I would then like to try with srcPort and dstPort.

Any ideas?
Thanks

[bob_the_web]

Still very n00b questions here, and I apologise.

I have run test sample of data and get a simple visualisation that is based on srcIP<->dstIP. The clustering is based on the number of connections (or edges or actually 'flows' )

This is ok, but I would like to weight the graph on packets, and then on octets.

For instance:

Code: Select all

graph1 based only on flows
srcIP       dstIP
10.0.0.1 192.168.1.1
10.0.0.1 192.168.1.2
10.0.0.2 192.168.1.1

graph2 two with weight on packets?
srcIP       dstIP            Packets
10.0.0.1 192.168.1.1  24
10.0.0.1 192.168.1.2  356
10.0.0.2 192.168.1.1  2

How to make show the connection between 10.0.0.1 and 192.168.1.2 in graph2 based on high packets. The thing I can't get my head around is that there are two factors to weight the connection : flows and packets

Could have one flow with high packets, or lots of flows with low packets.....how to show differently?

Thanks for bearing with me on this.
Paul

[Yestin]

Hi,
Have a look at this thread, you will get some ideas.http://forum.gephi.org/viewtopic.php?f=4&t=873

Telling about " two factors to weight the connection", I suggest having a look at the data structure of Edge.You can take the two factors as two parameters of an edge.

[equinox]

any result on this? I tried following the answer on the other post, but it talks nothing about visualizing netflow data