SPID SOFTWARE
 
Graph Packet Flow

Visualization Tool for Traffic Monitoring and Botnet Mitigation

Developers: Will Goss, David Stonecypher

Supported by NSF REU CNS-0916857

Developed with GTK 2.7 and maintained in SVN, this tool works alongside Wireshark, the widely used network protocol analyzer, and provides two user-friendly views of the traffic Wireshark has captured. The first view is an adjustable bar graph: the user chooses the size and color of the bars and selects the filtering criterion the bars are grouped by, including protocol, port number, source and destination IP address, frame length, packet size, packet content, and packet number. The second view is a pie chart summarizing the captured traffic as the share each subset contributes to the whole packet set. The user sets the graph update frequency by specifying a time scale. One convenient feature is that the x axis grows on its own: the user does not have to declare every category in advance; when a new instance (for example a protocol or address not seen before) appears in the capture, a new bar is added to the graph, and the thickness and spacing of the bars are rescaled automatically so the view stays readable.
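To make the grouping and dynamic-axis behaviour concrete, here is an added example (written for this page, not code from the Graph Packet Flow project) that performs the same aggregation in Python over a handful of constructed packet records shaped like fields exported from a Wireshark capture. The `TrafficGraph` class, its method names, the field names and the sample addresses are all assumptions for illustration: it groups packets by a chosen criterion, appends a new category the first time it is seen (so the x axis extends itself), bins counts by a configurable time scale, rescales bar width to the number of categories, and computes the pie-chart shares.

```python
from collections import Counter
from typing import Dict, List

# Constructed sample records (not a real capture), shaped like the fields
# frame.time_relative, protocol name, ip.src, ip.dst and frame.len that
# Wireshark or tshark can export for each packet.
PACKETS = [
    {"time": 0.10, "proto": "TCP",  "src": "10.0.0.5",      "dst": "93.184.216.34", "len": 74},
    {"time": 0.35, "proto": "TCP",  "src": "93.184.216.34", "dst": "10.0.0.5",      "len": 66},
    {"time": 0.80, "proto": "DNS",  "src": "10.0.0.5",      "dst": "10.0.0.1",      "len": 82},
    {"time": 1.20, "proto": "TCP",  "src": "10.0.0.5",      "dst": "93.184.216.34", "len": 1514},
    {"time": 1.55, "proto": "ICMP", "src": "10.0.0.7",      "dst": "10.0.0.5",      "len": 98},
    {"time": 2.05, "proto": "DNS",  "src": "10.0.0.1",      "dst": "10.0.0.5",      "len": 130},
    {"time": 2.40, "proto": "TCP",  "src": "10.0.0.5",      "dst": "93.184.216.34", "len": 74},
]


def matching(packets: List[dict], **criteria) -> List[dict]:
    """Keep only packets whose fields equal every given criterion
    (e.g. proto="DNS" or src="10.0.0.5"), mirroring a display filter."""
    return [p for p in packets if all(p.get(k) == v for k, v in criteria.items())]


class TrafficGraph:
    """Aggregates packets for a bar graph whose x axis grows as new
    categories appear, plus a pie chart of the overall shares."""

    def __init__(self, key: str, time_scale: float):
        self.key = key                      # field the bars are grouped by
        self.time_scale = time_scale        # seconds per graph update window
        self.categories: List[str] = []     # x-axis order = order of first sight
        self.bins: Dict[int, Counter] = {}  # window index -> per-category counts

    def add_packet(self, pkt: dict) -> None:
        cat = str(pkt[self.key])
        if cat not in self.categories:      # a new instance extends the x axis
            self.categories.append(cat)
        window = int(pkt["time"] // self.time_scale)
        self.bins.setdefault(window, Counter())[cat] += 1

    def feed(self, packets: List[dict]) -> "TrafficGraph":
        for pkt in sorted(packets, key=lambda p: p["time"]):
            self.add_packet(pkt)
        return self

    def bar_series(self) -> List[List[int]]:
        """One row per time window, one count per category (zero-filled),
        so a window that predates a category still lines up with the axis."""
        if not self.bins:
            return []
        return [[self.bins.get(w, Counter()).get(c, 0) for c in self.categories]
                for w in range(max(self.bins) + 1)]

    def pie_shares(self) -> Dict[str, float]:
        """Fraction of all packets falling in each category."""
        total = Counter()
        for counts in self.bins.values():
            total.update(counts)
        n = sum(total.values())
        return {c: round(total[c] / n, 3) for c in self.categories} if n else {}

    def bar_width(self, plot_width: float) -> float:
        """Bars get thinner as categories are added so the plot keeps fitting."""
        return plot_width / max(1, len(self.categories))


if __name__ == "__main__":
    g = TrafficGraph(key="proto", time_scale=1.0).feed(PACKETS)
    print("x axis:", g.categories)
    for w, row in enumerate(g.bar_series()):
        print(f"window {w}:", dict(zip(g.categories, row)))
    print("pie:", g.pie_shares(), "bar width:", g.bar_width(300))
```

Grouping by `src` or `dst` instead of `proto` gives the per-address view; a sudden new category with a large share in the pie chart is exactly the kind of change a monitoring operator would want to notice.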

The tool is distributed as a zip archive, which can be downloaded here. Wireshark must be installed on the system for the tool to work. To build and run it, open the file /Wireshark_all/all.sln with Visual Studio.