[phpBB Debug] PHP Warning: in file [ROOT]/phpbb/session.php on line 583: sizeof(): Parameter must be an array or an object that implements Countable
[phpBB Debug] PHP Warning: in file [ROOT]/phpbb/session.php on line 639: sizeof(): Parameter must be an array or an object that implements Countable
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4516: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3262)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4516: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3262)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4516: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3262)
Gephi forums •Anyone done any work with netflow and Gephi?

Gephi forums

Please post new questions on facebook group too (https://www.facebook.com/groups/gephi)
https://mail.forum-gephi.org/

Anyone done any work with netflow and Gephi?

https://mail.forum-gephi.org/viewtopic.php?f=29&t=994

Page 1 of 1

Anyone done any work with netflow and Gephi?

Posted: 06 Mar 2011 16:03
by bob_the_web
Hi

I am new to Gephi (and data visualisation at this level) and I would like to experiment at looking at netflow data on Gephi.

The netflow data is roughly in the form:

datetime
srcIP
srcPort
dstIP
dstPort
octets
packets

Can someone guide me on how I process the data to try some visualisation?

Initially I would like srcIP <-> dstIP, with 'weight' being packets (or maybe octets)

I would then like to try with srcPort and dstPort.

Any ideas?
Thanks

Re: Anyone done any work with netflow and Gephi?

Posted: 06 Mar 2011 17:33
by bob_the_web
Still very n00b questions here, and I apologise.

I have run test sample of data and get a simple visualisation that is based on srcIP<->dstIP. The clustering is based on the number of connections (or edges or actually 'flows' )

This is ok, but I would like to weight the graph on packets, and then on octets.

For instance:

Code: Select all

graph1 based only on flows
srcIP       dstIP
10.0.0.1 192.168.1.1
10.0.0.1 192.168.1.2
10.0.0.2 192.168.1.1

graph2 two with weight on packets?
srcIP       dstIP            Packets
10.0.0.1 192.168.1.1  24
10.0.0.1 192.168.1.2  356
10.0.0.2 192.168.1.1  2
How to make show the connection between 10.0.0.1 and 192.168.1.2 in graph2 based on high packets. The thing I can't get my head around is that there are two factors to weight the connection : flows and packets

Could have one flow with high packets, or lots of flows with low packets.....how to show differently?

Thanks for bearing with me on this.
Paul

Re: Anyone done any work with netflow and Gephi?

Posted: 07 Mar 2011 15:30
by Yestin
Hi,
Have a look at this thread, you will get some ideas.http://forum.gephi.org/viewtopic.php?f=4&t=873

Telling about " two factors to weight the connection", I suggest having a look at the data structure of Edge.You can take the two factors as two parameters of an edge.

Re: Anyone done any work with netflow and Gephi?

Posted: 01 May 2011 19:18
by equinox
any result on this? I tried following the answer on the other post, but it talks nothing about visualizing netflow data
All times are UTC+01:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/