Hi
I am new to Gephi (and data visualisation at this level) and I would like to experiment at looking at netflow data on Gephi.
The netflow data is roughly in the form:
datetime
srcIP
srcPort
dstIP
dstPort
octets
packets
Can someone guide me on how I process the data to try some visualisation?
Initially I would like srcIP <-> dstIP, with 'weight' being packets (or maybe octets)
I would then like to try with srcPort and dstPort.
Any ideas?
Thanks
Anyone done any work with netflow and Gephi?
-
- Posts:10
- Joined:06 Mar 2011 12:57 [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1275: count(): Parameter must be an array or an object that implements Countable
-
- Posts:10
- Joined:06 Mar 2011 12:57 [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1275: count(): Parameter must be an array or an object that implements Countable
Re: Anyone done any work with netflow and Gephi?
Still very n00b questions here, and I apologise.
I have run test sample of data and get a simple visualisation that is based on srcIP<->dstIP. The clustering is based on the number of connections (or edges or actually 'flows' )
This is ok, but I would like to weight the graph on packets, and then on octets.
For instance:
How to make show the connection between 10.0.0.1 and 192.168.1.2 in graph2 based on high packets. The thing I can't get my head around is that there are two factors to weight the connection : flows and packets
Could have one flow with high packets, or lots of flows with low packets.....how to show differently?
Thanks for bearing with me on this.
Paul
I have run test sample of data and get a simple visualisation that is based on srcIP<->dstIP. The clustering is based on the number of connections (or edges or actually 'flows' )
This is ok, but I would like to weight the graph on packets, and then on octets.
For instance:
Code: Select all
graph1 based only on flows
srcIP dstIP
10.0.0.1 192.168.1.1
10.0.0.1 192.168.1.2
10.0.0.2 192.168.1.1
graph2 two with weight on packets?
srcIP dstIP Packets
10.0.0.1 192.168.1.1 24
10.0.0.1 192.168.1.2 356
10.0.0.2 192.168.1.1 2
Could have one flow with high packets, or lots of flows with low packets.....how to show differently?
Thanks for bearing with me on this.
Paul
-
- Gephi Plugin Developer
- Posts:34
- Joined:22 Mar 2010 10:45 [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1275: count(): Parameter must be an array or an object that implements Countable
Re: Anyone done any work with netflow and Gephi?
Hi,
Have a look at this thread, you will get some ideas.http://forum.gephi.org/viewtopic.php?f=4&t=873
Telling about " two factors to weight the connection", I suggest having a look at the data structure of Edge.You can take the two factors as two parameters of an edge.
Have a look at this thread, you will get some ideas.http://forum.gephi.org/viewtopic.php?f=4&t=873
Telling about " two factors to weight the connection", I suggest having a look at the data structure of Edge.You can take the two factors as two parameters of an edge.
-
- Posts:10
- Joined:23 Feb 2011 21:15 [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1275: count(): Parameter must be an array or an object that implements Countable
Re: Anyone done any work with netflow and Gephi?
any result on this? I tried following the answer on the other post, but it talks nothing about visualizing netflow data