Visualized Storm fireworks for your 4th of July

Turning old Storm news into a celebration of the 4th of July, we applied a little AfterGlow magic to fireworks.pcap:
tcpdump -vttttnnelr /home/rmcree/pcap/fireworks.pcap | ./tcpdump2csv.pl "sip dip ttl" | perl ../graph/afterglow.pl -c /home/rmcree/afterglow/src/perl/graph/color.properties -p 2 | neato -Tgif -o fireworks.gif
The results look just like the fireworks we hoped they would.
For the analysis of this Storm variant, fireworks.exe, and the resulting fireworks.pcap that led to this visualization, see http://holisticinfosec.blogspot.com/2008/07/visualized-storm-fireworks-for-your-4th.html.
Happy 4th of July!

information

I made the same graph without a problem.

I just have a question. When I have made the racluster command, the afterglow graph creates color squares for the dst port.

Sometimes with TCP reserved ports and TCP high ports.

My problem is that on this graph, the dst ports are sometimes TCP source ports.

ip x.Y.Z -> A.B.C.D 25 : It is ok
ip Q.S.D.F -> G.H.J.K 55022 : the port is a source port of the src IP and not the dst port; argus took the client answer port for a server dst port.

Do you have any idea how to solve this problem?

++
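
One way to post-process flow records before graphing so that the port column always holds the service port, which is the direction problem raised in the comment above. This is an added example, not part of the original post or comment and not Argus or AfterGlow code; the four-column input (sip, sport, dip, dport), the function names and the 1024 cutoff are assumptions, and the sample records are constructed.

```python
import csv
import io

# Assumption: ports up to 1023 are treated as service ("reserved") ports.
RESERVED_MAX = 1023

# Constructed sample flow records: sip,sport,dip,dport (not from fireworks.pcap).
SAMPLE = """\
10.0.0.5,40112,192.0.2.25,25
192.0.2.80,80,10.0.0.7,55022
10.0.0.9,51000,10.0.0.10,52000
198.51.100.3,53,10.0.0.5,53
"""


def orient(sip, sport, dip, dport):
    """Return (client, server, service_port, swapped) for one flow record.

    A record is swapped only when the source port is reserved and the
    destination port is not, i.e. the reply was recorded as the request.
    Ambiguous records (both high or both reserved) are left untouched.
    """
    sport, dport = int(sport), int(dport)
    if sport <= RESERVED_MAX < dport:
        return dip, sip, sport, True
    return sip, dip, dport, False


def to_afterglow_csv(text):
    """Convert sip,sport,dip,dport rows to client,server,port rows."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    swapped = 0
    for row in csv.reader(io.StringIO(text)):
        # Skip blank or malformed lines instead of failing mid-stream.
        if len(row) != 4 or not (row[1].isdigit() and row[3].isdigit()):
            continue
        client, server, port, was_swapped = orient(*row)
        swapped += was_swapped
        writer.writerow([client, server, port])
    return out.getvalue(), swapped


if __name__ == "__main__":
    rows, swapped = to_afterglow_csv(SAMPLE)
    print(rows, end="")
    print(f"# {swapped} record(s) re-oriented")
```

The output is a three-column CSV like the one piped into afterglow.pl in the post. Records where both ports are high, as in peer-to-peer traffic, cannot be oriented by port number alone and pass through unchanged.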