DAVIX Manual 1.0.1
Contents
1. By clicking into single boxes you can drill down the hierarchy.

3.38 Tulip (V)

Purpose
- Visualization tool for linked graphs that supports several layout algorithms.

Links
- Homepage: http://www3.labri.fr/perso/auber/projects/tulip
- Manual: http://www3.labri.fr/perso/auber/projects/tulip/userHandbook.php

Important install locations
- /usr/local/bin
- /usr/local/lib
- /usr/local/lib/tlp
- /usr/local/share/tulip

Example
- Start Tulip through the KDE start menu.
- In the window menu select File > Import > Graphs > Uniform Random Binary Tree.
- In the dialog box enter 10 for minsize and 100 for maxsize.
  [Screenshot: "Enter plugin parameter(s)" dialog. The following parameters are requested: minsize = 10, maxsize = 100 (type int, default 1000). "This parameter defines the maximal amount of node used to build the randomized tree." Buttons: Restore System Defaults, Set as Defaults, Cancel.]
- To layout the graph use the window menu Algorithm > Layout > Tree > Bubble Tree.
  [Screenshot: Tulip Parameter Editor. The following parameters are requested: node size (viewSize), complexity; type Size. "This parameter defines the property used for node's sizes", default viewSize. Buttons: Restore System Defaults, Set as Defaults, Cancel.]
- Just acknowledge the upcomi
2. Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
root@slax:~#

- Now we have to initialize the swap partition: mkswap /dev/hda2
  root@slax:~# mkswap /dev/hda2
  Setting up swapspace version 1, size = 518184 kB
  no label, UUID=4964f425-7308-4f41-bc1a-b7b6c2ff4a3c

- Create an ext3 file system on the first partition: mkfs.ext3 /dev/hda1
  root@slax:~# mkfs.ext3 /dev/hda1
  mke2fs 1.40.8 (13-Mar-2008)
  Filesystem label=
  OS type: Linux
  Block size=1024 (log=0)
  Fragment size=1024 (log=0)
  14056 inodes, 56196 blocks
  2809 blocks (5.00%) reserved for the super user
  First data block=1
  Maximum filesystem blocks=57671680
  7 block groups
  8192 blocks per group, 8192 fragments per group
  2008 inodes per group
  Superblock backups stored on blocks:
          8193, 24577, 40961

  Writing inode tables: done
  Creating journal (4096 blocks): done
  Writing superblocks and filesystem accounting information: done

  This filesystem will be automatically checked every 24 mounts or
  180 days, whichever comes first.  Use tune2fs -c or -i to override.

- Create an ext3 file system on the third partition: mkfs.ext3 /dev/hda3
  root@slax:~# mkfs.ext3 /dev/hda3
  mke2fs 1.40.8 (13-Mar-2008)
  Warning: 256-byte inodes not usable on older systems
  Filesystem label=
  OS type: Linux
  Block size=4096 (log=2)
  Fragment size=4096 (log=2)
  4857856 inodes, 19404
3. ... done, estimate finish Thu May  1 17:23:51 2008
... done, estimate finish Thu May  1 17:23:34 2008
Total translation table size: 2048
Total rockridge attributes bytes: 48022
Total directory bytes: 166354
Path table size(bytes): 860
Max brk space used 64000
287270 extents written (561 MB)
... should be created now.
Press any key to continue

- Either burn the created ISO image mydavix.iso to a CD-ROM/DVD or use any other deployment method as documented in the chapter Deployment Options.

4.2 Linux

The general steps for modifying the DAVIX ISO under Linux are the following. Note that hdc is used here as a sample; on your system it could be another device ID.
- Open a console.
- Insert the DAVIX CD into your CD or DVD drive. On some Linux systems the CD will automatically be mounted at /mnt/hdc.
- If the DAVIX CD or DVD does not mount automatically you can mount it manually: mount /dev/hdc /mnt/hdc
- Create a new directory on your hard drive, e.g. mkdir -p /tmp/mydavix
- Copy the boot and slax directories to the newly created directory: cp -pvR /mnt/hdc/boot /mnt/hdc/slax /tmp/mydavix
- Make your changes according to the instructions in the following chapters.
- Navigate to the slax directory on your hard drive using the command cd /tmp/mydavix/slax
- Execute the following command to build the ISO image
4. Open GQview and view the image speed.png.
  [Screenshot: GQview showing speed.png, a time series from 11:00 to 12:00 with a y-axis from 0 to 40m.]

3.26 RT Graph 3D (V)

Purpose
- Real-time 3D visualization of linked graphs.

Links
- Homepage: http://www.secdev.org/projects/rtgraph3d

Important install locations
- /usr/local/bin
- /usr/local/lib/rtgraph3d

Example
- Start RT Graph 3D Server through the KDE start menu.
- Wait until the window named "RealTime Graph 3D" appears.
- Start RT Graph 3D Client through the KDE start menu.
- On the RTG prompt of the client enter: edge a b
- The linked graph should now be shown.
  [Screenshot: RealTime Graph 3D window.]
- On the RTG prompt of the client enter: help
- A list of possible commands is shown (among them set_attraction, unglow, repulsion, update).

3.27 rumint (V)

Purpose
- Visualization of real-time and recorded network captures. Since rumint is running in Wine, sniffing of real-time traffic is not supported.

Links
- Homepage: http://www.rumint.org

Important install locations
- /root/.wine/drive_c/Program Files/rumint

Example
- Since rumint is running in Wine it is not possible to capture live network traffic. Therefore you have to capture the traffic with Wireshark or tcpdump.
- Start rumint through the KDE start menu.
  [Screenshot: rumint window with menus File, Toolbars, View, Help.]
- In the window menu select File > Load PCAP Da
5. make_iso.sh /tmp/mydavix/mydavix.iso
- Either burn the created ISO image mydavix.iso to a CD-ROM/DVD or use any other deployment method as documented in the chapter Deployment Options.

4.3 Adding and Removing Modules

After copying all the SLAX files to the hard drive you can customize the SLAX content. Modules can be found in the following directories:
- slax/base: SLAX core modules. Will be loaded on every boot.
- slax/modules: Standard modules. Will be loaded on every boot.
- slax/optional: Optional modules which can be specified in the boot menu.
You can add or remove modules from these directories as you like.

4.4 Overriding Files with rootcopy

If you just want to override a specific file in one of the modules you can use the slax/rootcopy directory. The content of rootcopy will be applied to the union file system as the last step, and it allows you to override any file in the file system. This feature is very useful when you want to tweak single configuration files like /etc/X11/xorg.conf. But for larger changes the use of modules is encouraged.

4.5 Modifying the Boot Menu

The boot menu can be modified through the file slax.cfg, which can be found in the boot directory. Here you can add or remove additional entries in the boot menu. To add a new one just append the following section to the file:

  KDE
  ... initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw
  Help for curren
6. [KDE start menu residue: Graphics, Settings, System, Utilities, Lost & Found, Find Files/Folders, Personal Files (Home), Actions, Run Command, Switch User, Lock Session, Log Out; manual chapters 4 Customizing DAVIX ISO Image, 5 Creating and Modifying Module, 6 Deployment Options, 7 Hardware, 8 Networking, 9 Graphic Cards, 11 Acknowledgements, 12 Licenses, 13 Disclaimer, 14 Versioning, 15 GNU Free Documentation License.]

If you see a console symbol next to the tool, it means that selecting the menu will cause a console to open and some form of help is shown. The tool itself is not executed; you will be required to do that yourself.

[Screenshot: KDE start menu, All Applications > Internet > Afterglow with the entries afterglow.pl, afterglow_lgl.pl, afterglow_lgl2.pl, afterglow_walrus.pl, bar.pl, bar2.pl, boxplot.pl, trendline.pl, Homepage, Manual; sibling tools ChartDirector, Cytoscape, EtherApe, GGobi, glTail, GNUplot, Graphviz, GUESS, InetVis, Large Graph Layout (LGL), Mondrian, MRTG; sub-menus Capture and Process; console entry "afterglow.pl Quick Start Help".]

It is your turn now to find out what all these tools can do and start analyzing your logs. If you do not know what you can analyze or visualize, check the too
7. 3.13 gwhois (P)

Purpose
- A generic whois client that can handle web-site-based whois services.

Links
- Homepage: http://freshmeat.net/projects/gwhois

Important installation locations
- /usr/local/bin

Example
- Open a console.
- To lookup the country information for an IP address or a host name use geoiplookup davix.secviz.org

  root@slax:~# gwhois gnu.org
  Process query: 'gnu.org'
  Querying whois.pir.org:43 with whois
  Domain ID: D899661-LROR
  Domain Name: GNU.ORG
  Created On: 24-Nov-1995 05:00:00 UTC
  Last Updated On: 05-Sep-2006 15:50:42 UTC
  Expiration Date: 23-Nov-2008 05:00:00 UTC
  Sponsoring Registrar: Gandi SAS (R42-LROR)
  Status: CLIENT TRANSFER PROHIBITED
  Registrant ID: 0-443631-Gandi
  Registrant Name: GNU FSF Hostmaster
  Registrant Organization: Free Software Foundation
  Admin ID: GH297-GANDI
  Admin Name: GNU FSF Hostmaster
  Admin Organization: Free Software Foundation
  Tech ID: AR41-GANDI
  Tech Name: CONTACT NOT AUTHORITATIVE see http://www.gandi.net/whois
  Tech Organization: GANDI SARL
  Name Server: NS1.GNU.ORG
  Name Server: NS2.GNU.ORG
  Name Server: NS3.GNU.ORG
  Name Server: NS4.GNU.ORG
  root@slax:~#

3.14 InetVis (V)

Purpose
- Real-time visualization of network traffic as a three-dimensional scatter plot.

Links
- Homepage: http://www.cs.ru.ac.za/research/g02v2468/inetvis.html

Important install locations
- /usr/local/bin
- /usr/local/sh
8. Some tools have the ability to cover several parts of the analysis process. In the following chapters the tool and its categories are noted in the chapter title.

All tools described in this manual are accessible through the system PATH. Therefore it is generally not required to know the install location. To run a tool, open a console, enter the first character of the tool's name and then press the tabulator key for auto-completion:

  root@slax:~# ru<TABULATOR>
  ruby        rumint      run-with-aspell
  rubyforge   run-parts   runlevel

The entry-point binaries of most tools are installed in /usr/local/bin. For others see the section "Important install locations" in the following tool chapters.

3.1 AfterGlow (PV)

Purpose
- Tool to convert CSV input to a DOT graph description. AfterGlow takes a configuration file that configures how the nodes and edges are represented in the DOT file. The DOT file can then be graphed via Graphviz.
- In addition to the main tool, AfterGlow ships a set of tools to convert CSV data into data formats that can be used with other visualization tools.
- Includes the capper.pl script from Raffael Marty's book "Applied Security Visualization".

Links
- Homepage: http://afterglow.sourceforge.net
- Manual: http://afterglow.sourceforge.net/manual.html

Important installation locations
- /usr/local/bin
- /usr/local/share/afterglow

Example
- Open a console.
- First a CSV file of sniffed network traffic
9. [Wireshark packet detail residue: Source 192.168.16.140, Destination 192.168.16.255; User Datagram Protocol, Src Port: 138, Dst Port: 138; NetBIOS Datagram Service; SMB (Server Message Block Protocol); SMB MailSlot Protocol.]

4 Customizing the DAVIX ISO Image

You will most likely get quickly to a point where you want to modify the DAVIX image to suit your particular requirements. Thanks to SLAX, customizing your CD with your own configuration and adding or removing modules is really easy. This chapter shows you how to do that. Customizing can either be done under Linux or Windows.

4.1 Windows

The general steps for modifying the DAVIX ISO under Windows are the following:
- Create a new directory on your hard drive, e.g. D:\mydavix
- Copy the boot and slax directories to the newly created directory.
- Make your changes according to the instructions in the following chapters.
- Open a DOS prompt.
- Navigate to the slax directory on your hard drive using the command cd /d D:\mydavix\slax
- Execute the following command to build the ISO image: make_iso.bat D:\mydavix\mydavix.iso

  D:\mydavix\slax> make_iso.bat D:\mydavix\mydavix.iso
  mkisofs 2.01 (i686-pc-cygwin)
  Scanning .
  Scanning ./boot
  Scanning ./boot/dos
  Scanning ./boot/isolinux
  Excluded by match: ./boot/isolinux/isolinux.boot
  Scanning ./boot/syslinux
  Scanning ./slax
  Scanning ./slax/base
  Scanning ./slax/devel
  Scanning
10. [Scapy traceroute output residue]
  Begin emission: Finished to send 80 packets.
  Begin emission: Finished to send 3 packets.
  Begin emission: Finished to send 2 packets.
  Begin emission: Finished to send 2 packets.
  Received 78 packets, got 78 answers, remaining 2 packets
     198.133.219.25:tcp443  198.133.219.25:tcp80  207.46.19.190:tcp443  207.46.19.190:tcp80
  1  192.168.16.1   11      192.168.16.1   11     192.168.16.1   11     192.168.16.1   11
  2  212.254.136.1  11      212.254.136.1  11     212.254.136.1  11     212.254.136.1  11

- To plot the graph use the command res.graph()
  [Screenshot: ImageMagick window showing the traceroute graph.]
- To generate a three-dimensional plot use the command res.trace3D()
  [Screenshot: VPython window.]

Example: Sniffing
- Open a console.
- Execute the command scapy
- Sniff some network traffic: p = sniff(count=50)

  root@slax:~# scapy
  Welcome to Scapy (1.2.0.2)
  >>> p = sniff(count=50)

- Plot some statistics using the command p.plot(lambda x: len(x))

  >>> p.plot(lambda x: len(x))
  <Gnuplot._Gnuplot.Gnuplot instance at 0x84cf0ec>

- The graph is plotted.
  [Screenshot: Gnuplot window.]

3.29 Shell Tools (P)

Purpose
- Common UNIX tools for processing text files.

Links
- Tutorial awk: http://www.grymoire.com/Unix/Awk.html
- Tutorial grep: http://www.panix.com/~elflord/unix/grep.html
- Tutorial sed: http://www.grymo
11. allows you to use the Windows NDIS drivers. For details on your particular wireless card see the NDISwrapper home page [20] and other third-party websites.

Known issues
- Not all vendor drivers support promiscuous mode in their wireless drivers. Therefore it can be that sniffing network traffic of other systems on the network is not possible.

[20] NDISwrapper: http://ndiswrapper.sourceforge.net

9 Graphic Cards

9.1 OpenGL

The underlying SLAX distribution supports many graphic cards. Thus DAVIX should work on most systems. There is one big limitation: as OpenGL runs in simulation mode only, it is possible that applications which heavily rely on OpenGL perform poorly. GoogleEarth is one example. For most visualization tools found on DAVIX no problems should be expected, though.

If you want to have better performance you have to install the vendor-supported graphic card drivers. Check the vendor web sites for details: 3DLabs, ATI, Elsa, Intel, Matrox, NVIDIA, S3, SIS. [Table of vendor URLs not recoverable from the scan.]

Since these vendor drivers have very stringent licensing conditions it is not possible to distribute them with DAVIX.

9.2 Multi-Head Support

If you want to run DAVIX with two or more screens it is most of the time required to use the vendor-supplied graphic card driver. For vendor web sites see the URL list in chapter OpenGL. For configur
12. [R console residue from demo(graphics): "Type 'license()' or 'licence()' for distribution details", "R is a collaborative project with many contributors", "Type 'citation()' on how to cite R or R packages in publications", "'help.start()' for an HTML browser interface to help", plotting commands such as points(x, y), title(main = ...), pie(rep(1, 24), ...), "Hit <Return> to see next plot".]

- When you are back on the R command prompt you can start R Commander by executing the command library(Rcmdr)
  [Screenshot: R Commander window with menus File, Edit, Data, Statistics, Graphs, Models, Distributions, Tools, Help; Data set: <No active dataset>; Model: <No active model>; Script Window, Output Window, Submit, Messages: "NOTE: R Commander Version 1.3-11: Sat May 10 19:19:47 2008".]
- To load some sample data set, select in the window menu Data > Data in packages > Read data set from an attached package.
- Double-click on the entry "datasets".
  [Screenshot: "Read Data From Package" dialog; Package (double-click to select): car, datasets; "OR Enter name of data set"; OK, Cancel, Help.]
- To visualize, select Graph > Histogram in the main window menu.
- In the Histogram configuration dialog select the variable you want to visualize, e.g. height, and then acknowledge the dialog.
  [Screenshot: Histogram dialog; Variable (pick one): height, weight; Number of bins: <auto>; Axis Scaling: Frequency counts, Percentages, Densities.]
13. lgl/test.lgl ... Done.
  5 Total Vertex Count 5 Total Edge Count
  Determining connected sets ... Found 1 connected sets
  Writing lgl/1210511733_0.lgl
  5 Vertex Count 5 Edge Count
  LGLAYOUT: /usr/local/bin/lglayout2D -o lgl/1210511733_0.coords -e -L lgl/1210511733_0.lgl
  Reading in Graph from lgl/1210511733_0.lgl
  Vertex Count: 5 Edge Count: 5
  Outer radius is set to 2.23607
  Initializing 5 particles ... Done
  Initializing grid and placing particles ... Done
  Initializing handlers ... Done
  Generating Tree and checking for root Nodes ... Checked 6 Root Node
  There are 2 levels
  Initializing 1 thread(s) ... Done
  Iteration: 303 Dx: 0.724267 Level: 2 Final Settle
  Iteration: 455 Dx: 0.745508 Level: 2
  LGLREBUILD: /usr/local/bin/lglrebuild -o lgl/final.coords -c lgl/coordFileList
  Total Total Connected Sets: 0
  root@slax:~#

- To view the graph start LGL Viewer through the KDE start menu.
- In the window menu select File > Open .lgl file.
- From the directory where your test.ncol is located navigate down to the subdirectory lgl and select test.lgl.
  [Screenshot: file dialog listing 1210511574, 1210511727, 1210511733, 1210511574_new_lgl.lgl, 1210511727_new_lgl.lgl, 1210511733_new_lgl.lgl, final.mst.lgl; File Name: test.lgl; Files of Type: Only lgl files; Open, Cancel.]
- In the window menu select File
14. 6.3.1 On Windows with VFAT Formatted USB Stick

- First of all you have to get a USB stick. Currently a USB stick with at least 1 GB is recommended. If you have more it should work as well.
- If the USB stick supports U3 it is necessary to uninstall the U3 feature using the tool provided by the following web site: http://www.u3.com/uninstall
  [Screenshot: "Welcome to the U3 Uninstall wizard. Follow the instructions to reformat your U3 smart drive as a standard USB drive. IMPORTANT: All data on the U3 smart drive will be erased. Be sure to back up your data before continuing. Close all U3 smart applications and any applications that access your U3 smart drive. Ejecting your U3 smart drive or shutting down the computer before the process is complete may damage the device. [ ] I want to remove the U3 Launchpad and erase ALL the data on the device. Click Next to uninstall." Buttons: About U3, Uninstall, Cancel, Done.]
- Then open the MMC console and add the Disk Management snap-in.
  [Screenshot: MMC Console Root > Disk Management (Local), listing the volumes Data (D:), Program (C:), SLAX, USB STICK (G:) with the columns Layout, Type, File System, Status, Capacity, Free Space, % Free, Fault Tolerance, Overhead; e.g. Partition, Basic, NTFS, Healthy, 55.00 GB, 4.34 GB, 7 %, No, 0 %.]
15. ...168.16.150.38246  <->  192.168.16.1.domain        2      152  CON
  00:15:29.748438  e   tcp  192.168.16.150.54920  ->   216.92.177.115.http    491   476787  CON
  00:15:29.748465  e   tcp  192.168.16.150.54921  ->   216.92.177.115.http    405   388328  CON
  00:15:29.750016  ed  tcp  192.168.16.150.54522  ->   64.191.203.30.http      59    42903  CON
  00:15:30.744245  e   udp  192.168.16.150.48256  <->  192.168.16.1.domain      2      452  CON
  00:15:30.824766  e   tcp  192.168.16.150.57185  ->   209.85.161.127.http     18     9758  CON
  00:15:32.169042  e   tcp  192.168.16.150.54524  ->   64.191.203.30.http      10     3943  CON
  00:15:32.447994  e   tcp  192.168.16.150.43754  ->

- To stop the ARGUS daemon execute the command sh /etc/rc.d/rc.argus stop

3.3 Chaosreader (P)

Purpose
- The tool allows reassembly of content in network traffic capture files. The extracted information is then made available as an HTML report where the individual content elements can be accessed.

Links
- Homepage: http://chaosreader.sourceforge.net

Important installation locations
- /usr/local/bin

Example
- Sniff some network traffic as described in the tool chapters tcpdump (C) or Wireshark (CV) and save it as sniff.cap.
  [Screenshot: Wireshark window "eth1: Capturing" with menus File, Edit, View, Go, Capture, Analyze, Statistics, Help and the Filter bar.]
- Open a console.
- To reassemble content from traffic execute chaosreader sniff.cap
  root@slax:~# ch
16. [Chaosreader HTML report residue: a session table with entries such as "Mon Jul 28 00:18:09 2008, 192.168.16.150:47834 -> 216.92.151.5:80, session_0002.part_01.html, 213 bytes".]

- To get an overview of all reassembled images press the link "Image Report".
  [Screenshot: Chaosreader Image Report. "Created at: Mon Jul 28 00:19:41 2008, Type: tcpdump". Images listed per session, e.g. Mon Jul 28 00:18:11 2008, 192.168.16.150:47506 -> 209.85.161.127:80; Mon Jul 28 00:18:15 2008, 192.168.16.150:56911 -> 71.183.55.9:80; 192.168.16.150:56913 ...]

3.4 ChartDirector (V)

Purpose
- Programming library to generate a wide variety of charts.

Links
- Homepage: http://www.advsofteng.com
- Manual: file:///usr/local/share/chartdirector/doc/cdperl.htm

Important install locations
- /usr/lib/perl5/site_perl/5.8.8
- /usr/local/share/chartdirector

Example
- To generate a pie chart create a Perl script test.pl with the following contents:

  #!/usr/bin/perl
  use perlchartdir;
  my $data = [10, 20, 25, 10, 5, 40];
  my $label = ["Dogs", "Cats", "Birds", "Spiders", "Rats", "Mice"];
  my $c = new PieChart(400, 300);
  $c->setPieSize(200, 150, 75);
  $c->setData($data, $label);
  $c->makeChart("test.png");

- Open a console.
- Then execute the script with the command perl tes
17. (hardware compatibility list, continued)
  Graphic Card: Intel Corporation Mobile 945GM/GMS, 943/940GML Express Integrated Graphics Controller
  LAN Network Card: Marvell Technology Group Ltd. 88E8055 PCI-E Gigabit Ethernet Controller
  Wireless Network Chipset: Atheros Communications Inc. AR242x 802.11abg Wireless PCI Express Adapter

PC Brand & Type: Lenovo ThinkPad T60
  CPU Type: T2400 1.83 GHz
  Memory: 1 GB
  Graphic Card: ATI Mobility Radeon X1400
  LAN Network Card: Intel PRO/1000 PL
  Wireless Network Chipset: Intel PRO/Wireless 3945ABG

PC Brand & Type: Lenovo ThinkPad T60
  CPU Type: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
  Memory: 2 GB
  Graphic Card: ATI Radeon Mobility X1400
  LAN Network Card: Intel Corporation 82573L Gigabit Ethernet Controller
  Wireless Network Chipset: Intel Corporation PRO/Wireless 3945ABG Network Connection

PC Brand & Type: HP dv9000
  CPU Type: AMD 64 TL-56
  Memory: 2 GB
  Graphic Card: NVIDIA 6150
  LAN Network Card: NVIDIA MCP51 LAN
  Wireless Network Chipset: Not supported directly. Requires ndiswrapper.

PC Brand & Type: HP nx7400
  CPU Type: Intel Centrino Duo
  Memory:
  Graphic Card:
  LAN Network Card:
  Wireless Network Chipset:

PC Brand & Type: HP nc6320
  CPU Type: Intel Centrino Duo
  Memory:
  Graphic Card:
  LAN Network Card:
  Wireless Network Chipset:

PC Brand & Type: HP Pavil
18. Important install locations
- /usr/local/bin
- /usr/local/lib/tnv
- /usr/local/share/tnv

Example
- Start tnv through the KDE start menu.
- Acknowledge the startup dialog by pressing the button "Begin using TNV".
- In the upcoming dialog set your local network IP range; in our example it is 192.168.16.0 with the network mask 255.255.255.0.
  [Screenshot: "Setup your home/local network" dialog. "Enter home/local network address (0-255 in each field) and netmask. You can change this setting later." Fields: 192.168.16.0 / 255.255.255.0; Save.]
- In the Open Database Connection dialog select "Embedded".
  [Screenshot: "Open Database Connection: Choose the type of database to use": Embedded, MySQL; DB Host, Port, DB name, Username, Password.]
- In the window menu select Capture > Capture Packets.
- In the Capture Packets dialog select the network interface you want to monitor, e.g. eth0.
  [Screenshot: Capture Packets dialog; "Capture packets in promiscuous mode"; Capture Device; "Limit each packet to 1500"; Stop Capture: "Stop after number of packets".]
- Open Firefox and do some surfing.
- When you are done press the Stop capture button in tnv.
  [Screenshot: Capturing Packets; Elapsed Time: 7 seconds; Packets captured: 0; Packets dropped: 0.]
- The graph is rendered.
  [Screenshot: TNV window, 3133 packets, 05/10/08 20:46:52 to 05/10/08 20:48:39, menus File, View, Capture, Help; time axis 20:46:00 to 20:48:24.]
19. Open 2D Coords file
- From the directory where your test.ncol is located navigate down to the subdirectory lgl and select final.coords.
  [Screenshot: file dialog listing 1210511574, 1210511727, 1210511733, coordFileList, 1210511574_new_lgl.lgl, 1210511574_vertex_file_match, 1210511727_new_lgl.lgl, 1210511727_vertex_file_match, 1210511733_new_lgl.lgl, 1210511733_vertex_file_match, final.coords, final.mst.lgl, test.lgl; File Name: final.coords.]
- The graph should now be drawn.
- To display the node ids press in the tool bar section the radio button "Show All IDs".
  [Screenshot: 2D Edge Viewer with menus File, Edit, Highlight, Format, Find; radio buttons Show All IDs, Show All Vertices.]

Example 3D
- Open a console.
- First a space-separated file with the data has to be prepared: echo -e "a b\nc d\nc e\ne d\nb e" > test.ncol
- Then the graph can be generated using the following command: lgl3d test.ncol

  root@slax:~# lgl3d test.ncol
  LGLBREAKUP: /usr/local/bin/lglbreakup -d lgl/1210512148 lgl/test.lgl
  Loading lgl/test.lgl ... Done.
  5 Total Vertex Count 5 Total Edge Count
  Determining connected sets ... Found 1 connected sets
  Writing lgl/1210512148_0.lgl
  5 Vertex Count 5 Edge Count
  LGLAYOUT: /usr/local/bin/lglayout3D -o lgl/1210512148_0.coords -e -l lgl/1210512148_0.lgl
  Reading in Graph from lgl/1210512148_0.l
20. [Screenshot residue: controls Remove Shape, Change Color, Change Shape; Subnets, Hosts; time axis 0 to 210; "15 Feb 05 17:02:02"; ArgusData; "Netflow Files Used"; IPCountVis buttons "Set Galaxy View", "Set Small Multiple View", "User Notes about the Galaxy View".]

3.19 Parvis (V)

Purpose
- Rendering of data as a parallel coordinate display.

Links
- Homepage: http://home.subnet.at/~flo/mv/parvis
- Introduction: http://home.subnet.at/~flo/mv/parvis/introduction.html
- User Manual: http://home.subnet.at/~flo/mv/parvis/documentation.html

Important install locations
- /usr/local/bin
- /usr/local/lib/parvis
- /usr/local/share/parvis

Example
- Start Parvis through the KDE start menu.
- In the window menu select File > Open.
- In the file open dialog navigate to /usr/local/share/parvis/data
- Open one of the graphs in this directory, e.g. voyager.stf.
  [Screenshot: file dialog "Look In: data" listing cameras.stf, cars.stf, cereal.stf, coal_disasters.stf, detroit.stf, pupils.stf, voyager.stf; File Name: voyager.stf; Files of Type: STF (Simple Table Format) Data Files; Open, Cancel.]
- In the t
21. [Screenshot: Treemap file dialog, directory data, listing 43causesofdeath 65plus.tm3, 43causesofdeath 65plus.tms, census.tm3, census.tms, Directory_Settings.tms, election no hierarchy.tm3, election no hierarchy.tms, election with hierarchy.tm3, election with hierarchy.tms, Firearms eg1.tms, Firearms eg2.tms, Firearms.tm3, graph.txt, nba no hierarchy.tm3, nba no hierarchy.tms, nba with hierarchy.tm3, simple1.tm3, simple2.tm3; File Name: election with hierarchy.tm3; Files of Type: Treemap File (.tm3, .txt, .tms); Open, Cancel.]

- The treemap is then rendered.
  [Screenshot: Treemap 4.1 window, "/usr/local/share/treemap/data/election with hierarchy.tm3", "Data File loaded at 21:23:51 on 05/08/2008"; menus File, Options, Help; tabs Main, Legend, Filters, Hierarchy; "Details of selected node" (Attribute, Label, Number of nodes); Partitioning Method: Squarified; "Flip slice and dice axes"; Font size; Border Padding; "Show item labels" (Ctrl-D); "Show Border" (Ctrl-B); Restore default settings. Regions shown include Rockies (Montana, Idaho, Colorado, New Mexico) and Midwest (North Dakota, Nebraska, Oklahoma, Minnesota, South Dakota, Kansas), plus states such as Rhode Island, Pennsylvania, Maryland, Hawaii, Connecticut, Delaware, Washington, West Virginia and Virginia.]
22. [Table of contents fragment]
  10 FAQ ........................................ 117
  10.1 General ................................. 117
  10.2 Troubleshooting ......................... 117
  10.3 Support ................................. 118
  10.4 Build Environment ....................... 118
  10.5 Image Distribution ...................... 118
  11 Acknowledgements .......................... 119
  12 Licenses .................................. 120
  12.1 SKOJ RANET .............................. 120
  12.2 SUBHCSNSS ATOPIDUTION ................... 120
  12.3 Documentation ........................... 120
  13 Disclaimer ................................ 121
  14 Versioning
  15 GNU Free Documentation License

1 DAVIX: Visualize Your Logs

1.1 Introduction

Need help understanding gigabytes of logs? Your OS performance metrics do not make sense? You want to analyze your SAP user permissions? Then DAVIX, the live CD for visualizing IT data, is your answer.

DAVIX, the Data Analysis & Visualization Linux, brings the most important free tools for data processing and visualization to your desk. There is no hassle with installing an operating system or struggle to build the necessary tools to get started with visualization. You can completely dedicate your time to data analysis.

The DAVIX CD is based on SLAX 6.0.x by Tomáš Matějíček and features broad out-of-the-box hard
23. has to be generated using the command:
  tcpdump -vttttnneli eth0 | tcpdump2csv.pl "sip dip dport" > sniff.csv
- Open Firefox and do some extended surfing.
- Press Ctrl-C in the console window where tcpdump is running.
- To transform the CSV file to a GraphViz dot file execute:
  cat sniff.csv | afterglow.pl > sniff.dot
- To render sniff.dot into a GIF file use the command:
  neato -Tpng -o sniff.png sniff.dot
  (Example partly taken from the AfterGlow manual, http://afterglow.sourceforge.net)
- To view the result open GQview with the command gqview sniff.png
  [Screenshot: GQview showing sniff.png, 1237 x 2500, 496159 bytes, 05/11/08 15:52; sorted by name; 1 file, 484.5 K.]

3.2 ARGUS (CP)

Purpose
- Captures and analyzes network transaction information.

Links
- Homepage: http://qosient.com/argus
- Manual: http://qosient.com/argus/manuals.htm

Important installation locations
- /etc/argus.conf
- /etc/rc.d/rc.argus
- /usr/local/bin
- /usr/local/sbin
- /usr/local/share/afterglow

Log directory
- /var/log/argus

Example
- Open a console.
- To start the ARGUS daemon execute the command sh /etc/rc.d/rc.argus start
- For live monitoring use the following command to connect to the daemon: ra -S 127.0.0.1
- Generate some traffic with Firefox to get log entries.
  00:15:29.748387  e   udp  192
24. in VESA compatibility mode, but I would like support for high resolutions.

Q: LAN is not available after booting under VMware. How can I fix it?
A: Open a console and execute ifconfig. If the interface eth0 is missing then execute ifconfig eth0 up. Then execute dhcpcd eth0 and check by executing ifconfig that the IP address is assigned. If not, try to execute dhcpcd eth0 again. If this does not solve your issue, reboot the VM and/or physical machine.

Q: After using one of the network capture tools within VMware the network stack is dead. What can I do?
A: First shut down the network interface with ifconfig eth0 down. Then execute dhcpcd eth0 and check by executing ifconfig that the IP address is assigned. If not, try to execute dhcpcd eth0 again. If this does not solve your issue, reboot the VM and/or physical machine.

10.3 Support

Q: I have a problem with DAVIX. Where can I discuss it?
A: We have created a Google Group, davix support. Check for answers there first. If your problem is new, register and post your questions there.

Q: Where can I report a bug or a feature request?
A: We utilize Google Code for bug tracking. To report a bug you are required to create a Google account and contact us so that we can put you on the project member list. If this is too much fuss for you, you can report bugs directly to us: jan.monsch at iplosion.com

10.4 Build Environment

Q: Which OS did you use as a build
25. [Processing reference residue: field of view (fov); "Click to modify the aspect ratio"; description of the perspective() function: "Sets a perspective projection applying foreshortening, making distant objects appear smaller than closer ones. The parameters define a viewing volume with the shape of a truncated pyramid. Objects near to the front of the volume appear their actual size, while farther objects appear smaller. This projection simulates the perspective of the world more accurately than orthographic projection. The version of perspective without parameters sets the default perspective and the version with four parameters allows the programmer to set the area precisely." 3 April 2005. Sample code: void setup() { size(200, 200, P3D); noStroke(); ...]

- Press the Stop button in the workbench tool bar to stop the visualization.

3.24 R Project (V)

Purpose
- Tool for statistical analysis that offers a great variety of graphing capabilities.

Links
- Homepage: http://www.r-project.org
- Introduction: http://cran.r-project.org/doc/manuals/R-intro.html
- Manual: http://cran.r-project.org/manuals.html

Important install locations
- /usr/local/bin
- /usr/local/lib/R

Example
- Start R Project through the KDE start menu.
- After receiving the R command prompt you can start the demo by executing demo(graphics)
  [Screenshot: R Project console: "The R Foundation for Statistical Computing ... R comes with ABSOLUTELY NO WARRANTY. You are welcome to redistribute it under certain conditions. Type 'license()' or 'licence' ..."]
publishers or authors of the Document to the Document's overall subject (or to related matters) and contains nothing that could fall directly within that overall subject. (Thus, if the Document is in part a textbook of mathematics, a Secondary Section may not explain any mathematics.) The relationship could be a matter of historical connection with the subject or with related matters, or of legal, commercial, philosophical, ethical or political position regarding them.

The "Invariant Sections" are certain Secondary Sections whose titles are designated, as being those of Invariant Sections, in the notice that says that the Document is released under this License. If a section does not fit the above definition of Secondary then it is not allowed to be designated as Invariant. The Document may contain zero Invariant Sections. If the Document does not identify any Invariant Sections then there are none.

The "Cover Texts" are certain short passages of text that are listed, as Front-Cover Texts or Back-Cover Texts, in the notice that says that the Document is released under this License. A Front-Cover Text may be at most 5 words, and a Back-Cover Text may be at most 25 words.

A "Transparent" copy of the Document means a machine-readable copy, represented in a format whose specification is available to the general public, that is suitable for revising the document straightforwardly with generic text editors or (for images compos
's license notice. These titles must be distinct from any other section titles.

You may add a section Entitled "Endorsements", provided it contains nothing but endorsements of your Modified Version by various parties, for example, statements of peer review or that the text has been approved by an organization as the authoritative definition of a standard.

You may add a passage of up to five words as a Front-Cover Text, and a passage of up to 25 words as a Back-Cover Text, to the end of the list of Cover Texts in the Modified Version. Only one passage of Front-Cover Text and one of Back-Cover Text may be added by (or through arrangements made by) any one entity. If the Document already includes a cover text for the same cover, previously added by you or by arrangement made by the same entity you are acting on behalf of, you may not add another; but you may replace the old one, on explicit permission from the previous publisher that added the old one.

The author(s) and publisher(s) of the Document do not by this License give permission to use their names for publicity for or to assert or imply endorsement of any Modified Version.

5. COMBINING DOCUMENTS

You may combine the Document with other documents released under this License, under the terms defined in section 4 above for modified versions, provided that you include in the combination all of the Invariant Sections of all of the original documents, unmodified, and list them all as Invariant S
slax directory to the newly created directory:
  cp -pvR /mnt/live/mnt/hdc/boot /mnt/live/mnt/hdc/slax /mnt/sda1
• Writing to the flash memory will take a while. So grab a coffee :)
• Change to the boot directory on the USB stick:
  cd /mnt/sda1/boot
• Execute liloinst.sh and acknowledge the messages. The USB stick is now made bootable.
  This installer will setup disk /dev/sda to boot only Slax from /dev/sda1.
  Warning! Master boot record (MBR) of /dev/sda will be overwritten.
  If you use /dev/sda to boot any existing operating system, it will not work anymore. Only Slax will boot from this device. Be careful!
  Press any key to continue, or Ctrl+C to abort...
  Flushing filesystem buffers, this may take a while...
  Updating MBR to setup boot record...
  Warning: /dev/sda is not on the first disk
  Warning: The initial RAM disk is too big to fit between the kernel and the 15M-16M memory hole. It will be loaded in the highest memory as though the configuration file specified "large-memory" and it will be assumed that the BIOS supports memory moves above 16M.
  Added Slax
  Disk /dev/sda should be bootable now. Installation finished.
  Read the information above and then press any key to exit...
• Reboot your system and boot from the USB stick. When you see the DAVIX boot menu you are done.

6.4 Hard Drive
DAVIX can also be installed on a hard disk, where all SLAX modules have been extracted. The
system for your modules?
A: A full installation of Slackware 12.0 and dropline GNOME 2.20.0 was used for compiling applications from source code. Several DAVIX packages have been taken directly from the Slackware and dropline GNOME distributions and have been converted with tgz2lzm to SLAX packages.

Q: Can I build DAVIX from the ground up?
A: Currently the build scripts do not allow automated building of the CD. Therefore we refrain from publishing the scripts. When we have fixed the build environment we will certainly publish the build scripts.

10.5 Image Distribution
Q: How can I provide a download mirror for DAVIX?
A: Create a cron job with the following command and report the HTTP or FTP download URL to us (jan monsch at iplosion com):
  rsync -av 82.197.185.121::davix /wherever/it/goes/on/your/server
Note that the plain rsync protocol is neither authenticated nor encrypted, so only mirror from the address given here and check what you serve before publishing it.

[2] DAVIX Support Google Group: http://grou
[3] DAVIX Google Code Project: http://code.google.com/p/davix

11 Acknowledgements
We would like to thank all people who have contributed to DAVIX in one form or another. Without them DAVIX would not have been possible. Thank you!
In particular we would like to thank Gabriel Mueller for his regression testing efforts, which tremendously helped improving lots of details on the CD as well as in the manual. A very big thanks to Greg Conti for his encouraging feedback, which showed us that we are on the right track. Above all, Greg and John Goodall have given us a p
the following mrtg command a couple of times. The error messages during the first two runs are normal:
  mrtg /tmp/mrtg.cfg
  mrtg /tmp/mrtg.cfg
  mrtg /tmp/mrtg.cfg
• Create a cron job which calls mrtg every now and then using the command mrtg /tmp/mrtg.cfg.
• After a couple of runs open e.g. /tmp/192.168.16.5_1.html in Firefox to view the graph.
[Screenshot: MRTG page "Traffic Analysis for 1 -- DEIMOS1". System: DEIMOS1; Maintainer: (empty); Description: HP ETHERNET MULTI-ENVIRONMENT, ROM H.08.08, JETDIRECT EX, JD34, EEPROM H.08.49; ifType: ethernetCsmacd (6); ifName: (empty); Max Speed: 10.0 Mbits/s; Ip: 192.168.16.5. "The statistics were last updated Sunday, 18 May 2008 at 3:02, at which time DEIMOS1 had been up for 9:52:22." Daily Graph (5 Minute Average), Bits per Second. Max/Average/Current: In 8304.0 b/s (0.1%) for all three; Out 208.0 b/s (0.0%) for all three.]

3.18 NVisionIP (V)
Purpose
• Animated two-dimensional scatter plot of ARGUS files.
Links
• Homepage: http://security.ncsa.uiuc.edu/distribution/NVisionIPDownLoad.html
• Quick Start Guide: http://security.ncsa.uiuc.edu/distribution/NVisionIPDownLoad.html#Run
Important install locations
• /usr/local/bin
• /usr/local/lib/NVisionIP
• /usr/local/share/NVisionIP
Example
• Start NVisionIP through the KDE start menu.
3.12 GUESS (V)
Purpose
• Display of and interaction with two-dimensional link graphs. Has the capability to use a scripting language to process graphs.
Links
• Homepage: http://graphexploration.cond.org/documentation.html
• Tutorial: http://guess.wikispot.org/Tutorial
• Manual: http://guess.wikispot.org/manual
Important install locations
• /usr/local/bin
• /usr/local/lib/guess/lib
• /usr/local/share/guess
Example
• Start GUESS through the KDE start menu.
• Click the button "Load GDF/GraphML".
[Screenshot: "Welcome to GUESS" dialog: "Would you like to open an existing database, load a graph definition file, or start with a blank space?" with the buttons Existing Database, Load GDF/GraphML, Empty]
• In the file dialog click the browse button (the one with the three dots) and navigate to /usr/local/share/guess.
• In the drop-down list "Files of Type" select "All Files".
• Open one of the graphs in this directory, e.g. sample.gdf.
[Screenshot: file dialog "Look in: guess" listing, among others, demo, licenses, scripts, Tools, guess.bat, guess.sh, jython.bat, jythonc.bat, guess-console-noopengl.bat, guess-console.bat, guess-noopengl.bat, guess-src.jar, test.xml, test2.htm, testprefuse.html, testtouchgraph.html, test.html, nohost.gdf, README.TXT, sample.gdf; File Name: sample.gdf; Files of Type: All Files]
• Acknowledge all the dialogs and wait for the graph to be loaded.
[Screenshot: GUESS visualization window with the interpreter pane]
41:47 milkyway ipmon[93]: 00:41:47.018679 sis3 @0:58 b 192.168.48.10,1761 -> 123.123.123.123,443 PR tcp len 20 48 -S IN
• To stop the syslog-ng daemon execute the command:
  sh /etc/rc.d/rc.syslog-ng stop

3.33 tcpdump (C)
Purpose
• Command line tool for sniffing network traffic.
Links
• Homepage: http://www.tcpdump.org
• Manual: http://www.tcpdump.org/tcpdump_man.html
Important install locations
• /usr/sbin
Example
• Open a console.
• To capture network traffic from the network interface eth0 into a file, use the following command:
  tcpdump -s0 -i eth0 -w test.cap
  The -s0 option disables the default snapshot length so that whole packets are stored. Without it, packets longer than the snaplen are cut short in the capture file, which the analysis tools on DAVIX will then see as truncated. Capturing requires root privileges.

3.34 tcpreplay (P)
Purpose
• Actually a suite of three tools which allows replaying captured network traffic back to the network (tcpreplay), rewriting packets in capture files (tcprewrite), and pre-processing capture files for both of the mentioned tools (tcpprep).
Links
• Homepage: http://tcpreplay.synfin.net/trac
• Manual: http://tcpreplay.synfin.net/trac/wiki/Documentation
Important install locations
• /usr/local/bin

3.35 Timesearcher 1 (V)
Purpose
• Analysis of time series data.
Links
• Homepage: http://www.cs.umd.edu/hcil/timesearcher
• Manual: http://www.cs.umd.edu/hcil/timesearcher/docs/index.html
Important install locations
• /usr/local/bin
• /usr/local/lib/timesearcher1
• /usr/local/share/timesearcher
Example
• Start Timesearcher 1 through the KDE start menu.
• In the file dialog click the bro
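The effect of the snaplen described above can be checked on a capture file after the fact. The following Python script is an added example, not part of the DAVIX manual or of tcpdump: it builds a small capture in memory in the classic pcap format that tcpdump -w writes, parses it back, and flags every record whose stored length is shorter than the original packet, which is exactly what a too-small snapshot length produces. The frames in SAMPLE_PACKETS are constructed filler bytes, not captured traffic, and the 68-byte snaplen is the old tcpdump default used here for contrast with -s0.

```python
import struct

PCAP_MAGIC_US = 0xA1B2C3D4   # classic pcap, microsecond timestamps
PCAP_MAGIC_NS = 0xA1B23C4D   # pcap variant with nanosecond timestamps
LINKTYPE_ETHERNET = 1
GLOBAL_HDR = "IHHiIII"       # magic, major, minor, thiszone, sigfigs, snaplen, linktype (24 bytes)
RECORD_HDR = "IIII"          # ts_sec, ts_frac, incl_len, orig_len (16 bytes)


def build_pcap(packets, snaplen, endian="<"):
    """Write a pcap file to bytes. `packets` is a list of (ts_sec, ts_usec, frame bytes).
    Each frame is cut to `snaplen` before it is stored, which is what a capture tool does."""
    out = [struct.pack(endian + GLOBAL_HDR, PCAP_MAGIC_US, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)]
    for ts_sec, ts_usec, frame in packets:
        stored = frame[:snaplen]
        out.append(struct.pack(endian + RECORD_HDR, ts_sec, ts_usec, len(stored), len(frame)))
        out.append(stored)
    return b"".join(out)


def read_pcap(data):
    """Parse pcap bytes into (header dict, list of record dicts).
    The byte order is taken from the magic number; malformed input raises ValueError
    instead of silently producing garbage records."""
    if len(data) < 24:
        raise ValueError("file shorter than the pcap global header")
    endian = None
    for candidate in ("<", ">"):
        if struct.unpack(candidate + "I", data[:4])[0] in (PCAP_MAGIC_US, PCAP_MAGIC_NS):
            endian = candidate
            break
    if endian is None:
        raise ValueError("not a pcap file: bad magic %s" % data[:4].hex())
    magic, major, minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(endian + GLOBAL_HDR, data[:24])
    header = {"version": (major, minor), "snaplen": snaplen, "linktype": linktype,
              "nanosecond": magic == PCAP_MAGIC_NS, "byteorder": endian}
    records = []
    off = 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(endian + RECORD_HDR, data[off:off + 16])
        # incl_len may never exceed the snaplen or the real packet length; a reader that
        # trusts it blindly can be made to read past the buffer or allocate huge frames.
        if incl_len > snaplen or incl_len > orig_len:
            raise ValueError("record at offset %d has impossible incl_len %d" % (off, incl_len))
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated packet data at offset %d" % off)
        records.append({"ts_sec": ts_sec, "ts_frac": ts_frac, "incl_len": incl_len,
                        "orig_len": orig_len, "truncated": incl_len < orig_len, "frame": frame})
        off += 16 + incl_len
    return header, records


def truncated_count(data):
    """Number of packets in the capture that were cut short by the snaplen."""
    _, records = read_pcap(data)
    return sum(1 for r in records if r["truncated"])


# Constructed sample: a 60-byte and a 1500-byte frame of filler, captured once with
# the old tcpdump default snaplen of 68 bytes and once with -s0 (full packets).
SAMPLE_PACKETS = [(1211000000, 0, b"\x00" * 60), (1211000000, 250, b"\x11" * 1500)]
SHORT_CAPTURE = build_pcap(SAMPLE_PACKETS, snaplen=68)
FULL_CAPTURE = build_pcap(SAMPLE_PACKETS, snaplen=65535)

if __name__ == "__main__":
    print("snaplen 68   :", truncated_count(SHORT_CAPTURE), "truncated packet(s)")
    print("snaplen 65535:", truncated_count(FULL_CAPTURE), "truncated packet(s)")
```

To run the same check on a real test.cap, read the file into bytes and pass it to truncated_count(); any non-zero result means the capture was taken without -s0 (or with a snaplen that was still too small).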
511 blocks
  970225 blocks (5.00%) reserved for the super user
  First data block=0
  Maximum filesystem blocks=0
  593 block groups
  32768 blocks per group, 32768 fragments per group
  8192 inodes per group
  Superblock backups stored on blocks:
    32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 4096000, 7962624, 11239424
  Writing inode tables: done
  Creating journal (32768 blocks): done
  Writing superblocks and filesystem accounting information: done
  This filesystem will be automatically checked every 23 mounts or 180 days, whichever comes first. Use tune2fs -c or -i to override.
• Create a mount point for the third partition:
  mkdir /mnt/hda3
• Mount the third partition to the newly created mount point:
  mount /dev/hda3 /mnt/hda3
• In the KDE start menu (System) select "BackTrack Installer (Experimental)".
• Configure BT Installer as follows:
  Source (BackTrack CD): /mnt/live/mnt/sda1/slax
  Install BackTrack to: /mnt/hda3
  Write New MBR (lilo.mbr) to: /dev/hda
  Installation method: Real
  Restore Original MBR after lilo: unchecked
• Press the Install button.
• Installing DAVIX on the hard drive will take a while. So grab a coffee :)
• Press the Close button.
• Shut down DAVIX.
• Remove the install media (CD or USB stick).
• Boot your system. When you see the DAVIX boot menu you are done.

7 Hardware
SLAX, and therewith DAVIX, runs on normal PCs as well as in virtua
8
Guest OS Type: Other Linux 2.6 Kernel

Host OS: Ubuntu Gutsy/Hardy
Virtualization Software: VirtualBox 1.5.6
Guest OS Type: Other Linux 2.6 Kernel

Host OS: Ubuntu Gutsy/Hardy
Virtualization Software: Qemu 0.9.0
Guest OS Type: Other Linux 2.6 Kernel

Host OS: FreeBSD 7.0 Stable
Virtualization Software: Qemu 0.9.1
Guest OS Type: Other Linux 2.6 Kernel

Host OS: Mac OS 10.5.2
Virtualization Software: Parallels 3.0 Build 5584
Guest OS Type: Other Linux

Host OS: Mac OS 10.5.2
Virtualization Software: VirtualBox 1.5.51
Guest OS Type: Linux 2.6

Host OS: Mac OS 10.5.2
Virtualization Software: VirtualBox 1.6.0
Guest OS Type: Linux 2.6

Host OS: Mac OS 10.5.3
Virtualization Software: VMware Fusion 1.1.2 Build 87978
Guest OS Type: Other Linux 2.6 Kernel

8 Networking
8.1 LAN Networking
Wired LAN with DHCP should work out of the box on most systems. In some cases, e.g. under VMware, it can happen that the interface eth0 is not up after booting. The following procedure shows you how to troubleshoot connectivity problems. For simplicity the examples shown here are based on the network interface ID eth0. On your particular system it can be different.
• First check if your network cable is attached and if the LEDs on your network card or sw
[Screenshot: KDE display configuration listing the resolutions 800 x 600, 640 x 480 and 640 x 400, a refresh rate of 85 Hz, and the "Configure Display..." entry (Ctrl+Q)]

2.4 Analyze
To find out what tools are available on DAVIX, take a look at the KDE start menu. The top four entries contain the modules provided by DAVIX. To simplify documentation access we have provided links to the tool homepages and tutorials in the KDE start menu. Additionally, each tool menu offers direct access into the DAVIX manual for a quick start example.
[Screenshot: KDE start menu with the top-level entries DAVIX, Capture, Process, Visualize, Internet, Office, Graphics, Settings, System and Utilities; the Visualize submenu lists EtherApe, GGobi, glTail, GNUplot, Graphviz, Inetvis, Large Graph Layout (LGL), Mondrian, MRTG, NVisionIP and Parvis, each with a "DAVIX Example" entry]
You can access the manual through the desktop shortcut "DAVIX Manual". Alternatively you can access the manual chapter-wise through the KDE start menu.
[Screenshot: KDE start menu, All Applications > DAVIX, with the entries DAVIX Homepage, DAVIX Manual Complete and DAVIX Manual By Chapter (Contents, 1 DAVIX Visualize Your Logs, 2 Quick Start Guide, 3 Tools Showing You the Ropes, ...), next to Capture, Process, Visualize, Internet, Office and Control Center]
[Screenshot: Windows Disk Management listing Program (C:) 19.53 GB NTFS (System), Data (D:) 55.00 GB NTFS, SLAX (E:) 489 MB CDFS, and USB STICK (G:) 3.77 GB FAT (Healthy, Active), together with the "Format G:" dialog: volume label USB STICK, file system FAT32, allocation unit size default, "Perform a quick format" and "Enable file and folder compression" check boxes]
• Copy the directories boot and slax from the DAVIX CD/DVD to the USB stick.
[Screenshot: Windows Explorer showing the CD drive (E:) with the folders boot and slax (13.04.2008) selected, "2 objects selected", and the USB STICK (G:) drive in the folder tree]
• Writing to the flash memory will take a while. So grab a coffee :)
• Open the DOS prompt and navigate to the boot directory on the USB stick:
  C:\> g:
  G:\> cd boot
  G:\boot> bootinst.bat
• Execute bootinst.bat and acknowledge the messages. The USB stick is now made bootable.
  Warning! Master Boot Record (MB
[Screenshot: TNV main window showing the hosts 192.168.16.140, 192.168.16.220 and 192.168.16.1 between 20:46:00 and 20:49:00, with the Filter/Display/Ports panel: protocol colours (TCP, UDP, ICMP, ...), host colours, column time interval, home network 192.168.16.0/255.255.255.0 ("You must restart to apply"), local and remote host sort order (Arrival order), number of columns (3/7/11/15) and default host height (25/50/75/100)]

3.37 Treemap (V)
Purpose
• Visualization of hierarchical data as treemaps.
Links
• Homepage: http://www.cs.umd.edu/hcil/treemap
• Manual: http://www.cs.umd.edu/hcil/treemap/doc4.1/toc.html
Important install locations
• /usr/local/bin
• /usr/local/lib/treemap
• /usr/local/share/treemap
Example
• Start Treemap through the KDE start menu.
• The tool gives a license warning that it can only be used for non-commercial purposes. If you agree to the license conditions press Agree, otherwise Exit.
• In the file open dialog navigate to /usr/local/share/treemap/data.
• Open one of the graphs in this directory, e.g. election with hierarchy.tm3.
[Screenshot: "Open Treemap Data or Settings" file dialog, Look In:
Card: Matrox Millennium P650 PCIe 128
LAN Network Card: NVIDIA nForce Networking Controller
Wireless Network Chipset: No wireless adapter

PC Brand & Type: Custom built PC based on Gigabyte GA-K8NF-9 motherboard
CPU Type: AMD Athlon 64 X2 Dual Core Processor 4400+ (2.21 GHz)
Memory: 2 GB
Graphic Card: NVIDIA GeForce 6500
LAN Network Card: NVIDIA nForce Networking Controller
Wireless Network Chipset: No wireless adapter

7.1.2 Incompatible Hardware
The hardware listed here is known to have problems.

PC Brand & Type: Dell Dimension E521
CPU Type: AMD
Memory: not recorded
Graphic Card: not recorded
LAN Network Card: not recorded
Wireless Network Chipset: not recorded
Issue: Graphic card and USB not detected

PC Brand & Type: Lenovo 3000 N200
CPU Type: Intel Core 2 Duo
Memory: not recorded
Graphic Card: NVIDIA GeForce Go 7300 with TurboCache
LAN Network Card: not recorded
Wireless Network Chipset: not recorded
Issue: Under KDE the start menu does not show text and icons

7.2 Virtual Machines
DAVIX runs as a guest operating system on several different virtualization platforms. The following configurations are known to work:

Host OS: Windows XP SP2
Virtualization Software: VMware Workstation 6.0.3 Build 80004
Guest OS Type: Other Linux 2.6 Kernel

Host OS: Ubuntu Gutsy/Hardy
Virtualization Software: VMware Server 1.0.4 Build 5652
DAVIX: The Data Analysis and Visualization Linux
Version 1.0.1
Authors: Jan P. Monsch (jan d t monsch at iplosion d t com), Raffael Marty (raffy at secviz d t org)

Contents
1 DAVIX Visualize Your Logs ..... 5
1.1 Introduction ..... 5
1.2 (title garbled) ..... 5
2 Quick Start Guide ..... 6
2.1 (title garbled) ..... 6
2.2 (title garbled) ..... 7
2.3 (title garbled) ..... 9
2.4 Analyze ..... 11
2.5 What to Do Next ..... 13
3 Tools Showing You the Ropes ..... 14
3.1 AfterGlow (CPV) ..... 15
3.2 ARGUS (CP) ..... 17
3.3 Chaosreader (P) ..... 18
3.4 ChartDirector (V) ..... 20
3.5 Cytoscape (V) ..... 21
3.6 EtherApe (V) ..... 23
3.7 GeoIP (P) ..... 24
3.8 GGobi (V) ..... 25
3.9 glTail (V) ..... 27
3.10 GNUplot (V) ..... 29
3.11 Graphviz (V) ..... 31
3.12 GUESS (V) ..... 33
3.13 gwhois (P) ..... 35
3.14 InetVis (V) ..... 36
3.15 Large Graph Layout (LGL) (V) ..... 38
3.16 Mondrian (V) ..... 43
3.17 MRTG (V) ..... 45
3.18 NVisionIP (V) ..... 47
3.19 Parvis (V) ..... 50
3.20 Passive Asset Detection System (PADS) (CP) ..... 52
3.21 (title garbled) (V) ..... 53
3.22 (title garbled) ..... 54
3.23 Processing (V) ..... 55
3.24 R Project (V) ..... 57
3.25 RRDtool (V) ..... 60
3.26 RT Graph (CV) ..... 62
3.27 Rumint (V) ..... 64
3.28 Scapy (CPV) ..... 66
3.29 Shell Tools (P) ..... 69
3.30 Shoki Packet Hustler (V) ..... 70
3.31 Snort (CP) ..... 72
3.32 syslog-ng (CP) ..... 73
3.33 tcpdump (C) ..... 74
3.34 tcpreplay (P) ..... 75
3.35 Timesearcher 1 (V) ..... 76
3.36 TNV (V) ..... 78
3.37 Treemap (V) .....
If you distribute a large enough number of copies you must also follow the conditions in section 3.

You may also lend copies, under the same conditions stated above, and you may publicly display copies.

3. COPYING IN QUANTITY

If you publish printed copies (or copies in media that commonly have printed covers) of the Document, numbering more than 100, and the Document's license notice requires Cover Texts, you must enclose the copies in covers that carry, clearly and legibly, all these Cover Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on the back cover. Both covers must also clearly and legibly identify you as the publisher of these copies. The front cover must present the full title with all words of the title equally prominent and visible. You may add other material on the covers in addition. Copying with changes limited to the covers, as long as they preserve the title of the Document and satisfy these conditions, can be treated as verbatim copying in other respects.

If the required texts for either cover are too voluminous to fit legibly, you should put the first ones listed (as many as fit reasonably) on the actual cover, and continue the rest onto adjacent pages.

If you publish or distribute Opaque copies of the Document numbering more than 100, you must either include a machine-readable Transparent copy along with each Opaque copy, or state in or with each Opaque copy a computer-network l
Links
• Homepage: http://etherape.sourceforge.net
Important install locations
• /usr/local/bin
• /usr/local/etc/etherape
• /usr/local/share/etherape
Example
• Start EtherApe through the KDE start menu.
• EtherApe will go directly into monitoring mode.
• Open Firefox and generate some network traffic. EtherApe will then visualize your network connections.
[Screenshot: EtherApe window (menus File, Capture, View, Help; toolbar Start, Pause, Stop, Pref, Prot) with the Protocols legend (DOMAIN, TCP, TCP-Unknown) and the status line "Reading data from eth0 in IP mode"]

3.7 GeoIP (P)
Purpose
• Lookup of country information for an IP address or a host name.
• When the extended geo-coding databases are purchased from MaxMind, latitude and longitude information is displayed as well.
Links
• Homepage: http://www.maxmind.com/app/ip-location
Important installation locations
• /usr/local/bin
Example
• Open a console.
• To look up the country information for an IP address or a host name use geoiplookup, e.g. geoiplookup davix.secviz.org:
  root@slax:~# geoiplookup davix.secviz.org
  GeoIP Country Edition: US, United States

3.8 GGobi (V)
Purpose
• Visualizes data with different graphs and allows brushing.
Links
• Homepage: http://www.ggobi.org
• Manual: /usr/local/share/ggobi/manual/manual.pdf
• XML Input Format: /usr/local/share/ggobi/manual/xml.pdf
Important install locations
• /etc/xdg/ggobi
• /usr/local/bin
• /usr/loca
NU General Public License, which is a copyleft license designed for free software.

We have designed this License in order to use it for manuals for free software, because free software needs free documentation: a free program should come with manuals providing the same freedoms that the software does. But this License is not limited to software manuals; it can be used for any textual work, regardless of subject matter or whether it is published as a printed book. We recommend this License principally for works whose purpose is instruction or reference.

1. APPLICABILITY AND DEFINITIONS

This License applies to any manual or other work, in any medium, that contains a notice placed by the copyright holder saying it can be distributed under the terms of this License. Such a notice grants a world-wide, royalty-free license, unlimited in duration, to use that work under the conditions stated herein. The "Document", below, refers to any such manual or work. Any member of the public is a licensee, and is addressed as "you". You accept the license if you copy, modify or distribute the work in a way requiring permission under copyright law.

A "Modified Version" of the Document means any work containing the Document or a portion of it, either copied verbatim, or with modifications and/or translated into another language.

A "Secondary Section" is a named appendix or a front-matter section of the Document that deals exclusively with the relationship of the
R) of the device G: will be overwritten. If G: is a partition on the same disk drive as your Windows installation, then your Windows will not boot anymore. Be careful!
  Press any key to continue, or kill this window [x] to abort...
  Setting up boot record for G: - wait please...
  Disk G: should be bootable now. Installation finished.
  Read the information above and then press any key to exit...
• Reboot your system and boot from the USB stick. When you see the DAVIX boot menu you are done.

6.3.2 On Linux with VFAT Formatted USB Stick
Although VFAT is supported by the SLAX kernel, mkfs.vfat is missing on the SLAX image. Therefore the first steps have to be done in Windows.
• First of all you have to get a USB stick. Currently a USB stick with at least 1 GB is recommended. If you have more it should work as well.
• If the USB stick supports U3, it is necessary to uninstall the U3 feature using the tool provided by the following web site: http://www.u3.com/uninstall
• Then open the MMC console and add the Disk Management snap-in.
• Format the USB stick partition with FAT32 and the default allocation size.
• Leave the USB stick inserted in the computer.
• Boot DAVIX from CD-ROM.
• Open a console.
• The USB stick should have been mounted automatically to /mnt/sda1. Execute mount to cross-check:
  root@slax:~# mount
  aufs on / type aufs (rw)
  proc on /proc type proc (rw)
  s
Stick
• First of all you have to get a USB stick. Currently a USB stick with at least 1 GB is recommended. If you have more it should work as well.
• If the USB stick supports U3, it is necessary to uninstall the U3 feature using the tool provided by the following web site: http://www.u3.com/uninstall
• Leave the USB stick inserted in the computer.
• Boot DAVIX from CD-ROM in KDE mode.
• Open a console.
• To find out which device ID your USB stick has, execute the command sfdisk --list. For simplicity of this example sda has been chosen. Your device ID may be different, so watch out: the following steps overwrite the whole device, and pointing them at the wrong disk destroys its contents.
  root@slax:~# sfdisk --list
  Disk /dev/sda: 1019 cylinders, 127 heads, 62 sectors/track
  Units = cylinders of 4031488 bytes, blocks of 1024 bytes, counting from 0
     Device Boot Start   End   #cyls   #blocks  Id System
  /dev/sda1         0   1018    1019   4011772  83 Linux
  /dev/sda2         0      0       0         0   0 Empty
  /dev/sda3         0      0       0         0   0 Empty
  /dev/sda4         0      0       0         0   0 Empty
• Use mount to make sure that all file systems on the USB stick are unmounted:
  root@slax:~# mount
  aufs on / type aufs (rw)
  proc on /proc type proc (rw)
  sysfs on /sys type sysfs (rw)
  usbfs on /proc/bus/usb type usbfs (rw)
  /dev/hda1 on /mnt/hda1 type ext3 (rw,noatime)
  /dev/hda3 on /mnt/hda3 type ext3 (rw,noatime)
  /dev/sda1 on /mnt/sda1 type xfs (rw,noatime)
• If there is still a file system (e.g. sda1) mounted, then unmount it:
  umount /dev/sda1
• Wipe the USB stick to avoi
• The histogram is now plotted.
[Screenshot: R Graphics Device 2 (ACTIVE) showing the histogram of women$height, x axis from about 58 to 72]

3.25 RRDtool (V)
Purpose
• A tool for graphing time series data.
Links
• Homepage: http://oss.oetiker.ch/rrdtool
• Tutorial: http://oss.oetiker.ch/rrdtool/tut/rrdtutorial.en.html
Important install locations
• /usr/local/bin
• /usr/local/lib
• /usr/local/rrdtool-1.2.26
• /usr/local/share/rrdtool
Example [14]
• Open a console.
• To set up the round robin database use the following command:
  rrdtool create test.rrd --start 920804400 DS:speed:COUNTER:600:U:U RRA:AVERAGE:0.5:1:24 RRA:AVERAGE:0.5:6:10
• To update the database with data use the following commands:
  rrdtool update test.rrd 920804700:12345 920805000:12357 920805300:12363
  rrdtool update test.rrd 920805600:12363 920805900:12363 920806200:12373
  rrdtool update test.rrd 920806500:12383 920806800:12393 920807100:12399
  rrdtool update test.rrd 920807400:12405 920807700:12411 920808000:12415
  rrdtool update test.rrd 920808300:12420 920808600:12422 920808900:12423
• The following command generates a PNG file with the graph:
  rrdtool graph speed.png --start 920804400 --end 920808000 DEF:myspeed=test.rrd:speed:AVERAGE LINE2:myspeed#FF0000

[14] Partly taken from the RRDtool Tutorial, http://oss.oetiker.ch/rrdtool/tut/rrdtutorial.en.html
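What rrdtool stores for the commands above is easy to misread: a COUNTER data source keeps rates, not the counter values that were fed in, and the second RRA holds averages over six 300-second steps. The following Python script is an added example, not part of the DAVIX manual or of RRDtool itself; it recomputes both archives from the fifteen updates listed above. It assumes the default step of 300 seconds (no --step was given on the create line) and updates that land exactly on step boundaries, which the tutorial data does; real rrdtool additionally interpolates unaligned updates and assumes a 32/64-bit wrap when a counter decreases, which this version simply reports as unknown.

```python
STEP = 300            # --step is not given on the create line, so rrdtool's default of 300 s applies
START = 920804400     # --start from the create line; a multiple of 300 and of 1800

# The 15 updates from the rrdtool update commands above, as (timestamp, counter value).
UPDATES = [
    (920804700, 12345), (920805000, 12357), (920805300, 12363),
    (920805600, 12363), (920805900, 12363), (920806200, 12373),
    (920806500, 12383), (920806800, 12393), (920807100, 12399),
    (920807400, 12405), (920807700, 12411), (920808000, 12415),
    (920808300, 12420), (920808600, 12422), (920808900, 12423),
]


def counter_pdps(updates, start=START, step=STEP):
    """Primary data points for a COUNTER data source: the rate (units per second) between
    consecutive updates. The first interval has no previous value and is unknown (None);
    a decreasing value is treated as unknown here, where rrdtool would assume a 32/64-bit wrap.
    Assumes updates land exactly on step boundaries, as they do in the manual's example."""
    pdps = []
    last = None
    for ts, value in updates:
        if last is None:
            rate = None
        else:
            last_ts, last_value = last
            rate = None if value < last_value else (value - last_value) / (ts - last_ts)
        pdps.append((ts, rate))
        last = (ts, value)
    return pdps


def consolidate_average(pdps, steps, xff, start=START, step=STEP):
    """AVERAGE round-robin archive: every `steps` PDPs (aligned on `start`) become one
    consolidated data point. If more than `xff` of the PDPs are unknown the CDP is unknown,
    otherwise it is the mean of the known PDPs. A trailing, incomplete bucket is not emitted."""
    span = steps * step
    cdps, bucket = [], []
    for ts, rate in pdps:
        bucket.append(rate)
        if (ts - start) % span == 0:
            known = [r for r in bucket if r is not None]
            unknown_fraction = 1 - len(known) / steps
            cdps.append((ts, sum(known) / len(known) if known and unknown_fraction <= xff else None))
            bucket = []
    return cdps


def archives(updates=UPDATES):
    """Both RRAs from the create line: RRA:AVERAGE:0.5:1:24 and RRA:AVERAGE:0.5:6:10,
    each limited to the number of rows the archive keeps."""
    pdps = counter_pdps(updates)
    return {
        "AVERAGE:0.5:1:24": consolidate_average(pdps, steps=1, xff=0.5)[-24:],
        "AVERAGE:0.5:6:10": consolidate_average(pdps, steps=6, xff=0.5)[-10:],
    }


if __name__ == "__main__":
    for name, rows in archives().items():
        print(name)
        for ts, value in rows:
            print("  %d  %s" % (ts, "nan" if value is None else "%.6f" % value))
```

The first row of the one-step archive is unknown because nothing precedes the update at 920804700; the six-step archive still gets a known value for the bucket ending at 920806200, because one unknown out of six PDPs is below the xff of 0.5. Compare the printed rows with rrdtool fetch test.rrd AVERAGE --start 920804400 --end 920808900 on a real test.rrd.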
aosreader sniff.cap
  Chaosreader ver 0.94
  Opening, sniff.cap
  Reading file contents,
   100% (464470/464470)
  Reassembling packets,
   100% (713/741)
  Creating files...
     Num  Session (host:port <=> host:port)                Service
     0016  192.168.16.150:48184,74.125.39.103:80            http
     0035  192.168.16.140:1163,192.168.16.150:22            ssh
     0008  192.168.16.150:47506,209.85.161.127:80           http
  [The remaining rows of the listing are not legible in this copy. They are further sessions of 192.168.16.150 (numbers 0002, 0011, 0014, 0007, 0025, 0009, 0015, 0031): to 216.92.151.5:80 (http), to another host on port 80 (http), four to 192.168.16.1:53 (domain), one to 192.168.16.1:514 (syslog), and an ICMP "Destination Unreachable" exchange with 192.168.16.1.]
  root@slax:~#
• Then open the generated report in Firefox using firefox index.html.
[Screenshot: Firefox showing the Chaosreader Report. File: sniff.cap; Type: tcpdump; Created at: Mon Jul 28 00:19:41 2008. Links: Image Report ("Click here for a report on captured images"), GET/POST Report ("Click here for a report on HTTP GETs and POSTs"), HTTP Proxy Log ("Click here for a generated proxy style HTTP log"), TCP/UDP Sessions (first entry Mon Jul 28 00:18:09, 192.168.16.150:41618 <-> 192.168.16.1:53, as html)]
are/inetvis
Example
• Start InetVis through the KDE start menu.
• In the InetVis Control Panel select the menu Mode > Monitor Local Host. Due to a bug in the application you have to select the menu even when the flag is already set. Otherwise you will not be able to monitor live traffic.
[Screenshot: InetVis Control Panel (menus File, Replay, Record, View, Help) with "Monitor Local Host" checked, the replay speed and record controls, the historic view time window (1 s), a BPF filter expression field and the event buffer]
• Then open the browser and do some surfing in the Internet. In the 3D scatter plot window you will see dots appear.
[Screenshot: InetVis 3D scatter plot showing traffic for 192.168.16.255, dated 2008-05-08 19:09:25]

3.15 Large Graph Layout (LGL) (V)
Purpose
• Generation of two- and three-dimensional link graphs.
Links
• Homepage: http://lgl.sourceforge.net
Important install locations
• /usr/lib/perl5/site_perl/5.8.8
• /usr/local/bin
• /usr/local/etc
• /usr/local/lib/lgl
• /usr/local/share/lgl
Example 2D
• Open a console.
• First a space-separated file with the data has to be prepared: one edge per line, the source node followed by the target node (the ncol format also accepts an optional third column holding the edge weight):
  echo -e "a b\nc d\nc e\ne d\nb e" > test.ncol
• Then the graph can be generated using the following command:
  root@slax:~# lgl2d test.ncol
  GLBREAKUP: /usr/local/bin/lglbreakup -d ..._1210511733 ... test.lgl
  Loading
ation hints check the README and INSTALL files that come with the vendor driver packages.

[21] List taken from Google Earth Help: http://earth.google.com/support/bin/answer.py?answer=21462

10 FAQ
10.1 General
Q: What does DAVIX stand for?
A: DAVIX is an abbreviation for Data Analysis and VIsualization Linux.

Q: Which Linux distribution is DAVIX based on?
A: DAVIX uses SLAX 6.0.x as a base.

Q: What is the difference between DAVIX and BackTrack?
A: BackTrack is focused on penetration testing. Although several tools can be found in both distributions, DAVIX concentrates on the aspects of data mining and visualization.

Q: Why is Google Earth not distributed with DAVIX?
A: Google has a very stringent license that prohibits redistribution of Google Earth. Although we would love to distribute it with DAVIX, we are not allowed to.

10.2 Troubleshooting
Q: When booting DAVIX from CD/DVD I get the following message: "Cannot read module data. Corrupted download?" How can I fix it?
A: Most likely you burned the CD/DVD at a high burning speed. Some CD/DVD readers have problems reading this kind of media. We recommend burning the CD/DVD at the lowest speed available.

Q: When booting DAVIX in KDE mode the menus are missing text. How can I fix it?
A: This is most likely a graphic driver issue. We recommend installing the vendor driver and trying again. As an alternative you can boot DAVIX
c.snort stop

[5] Bleeding Edge Threats: http://www.bleedingthreats.net

3.32 syslog-ng (CP)
Purpose
• New generation syslog daemon that allows for easy post-processing of log events.
• In DAVIX syslog-ng is configured to receive remote syslog data through UDP and TCP port 514. Local syslog events are not handled through syslog-ng; they are dealt with by the standard syslog daemon.
Links
• Homepage: http://www.balabit.com/network-security/syslog-ng
• Manual: http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html
Important installation locations
• /etc/rc.d/rc.syslog-ng
• /etc/syslog-ng
• /usr/local/bin
• /usr/local/sbin
Log directory
• /var/log/syslog-ng
Example
• Open a console.
• To start the syslog-ng daemon execute the command:
  sh /etc/rc.d/rc.syslog-ng start
  The listener accepts syslog from any host that can reach port 514, without authentication, so only start it on a network you trust and stop it again when you are done collecting.
• The syslog messages are recorded in a log file. To view the messages, tail this log file with the following command:
  tail -f /var/log/syslog-ng/syslog-ng
• Redirect your device's syslog to DAVIX to populate the log file. The syslog messages should now be shown in the console where you are tailing:
  root@slax:/var/log/syslog-ng# tail -f syslog-ng
  Jul 28 00:41:38 milkyway ipmon[93]: 00:41:38.084572 sis3 @0:58 b 192.168.48.10,1761 -> 123.123.123.123,443 PR tcp len 20 48 -S IN
  Jul 28 00:41:41 milkyway ipmon[93]: 00:41:41.002881 sis3 @0:58 b 192.168.48.10,1761 -> 123.123.123.123,443 PR tcp len 20 48 -S IN
  Jul 28 00:
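The lines collected above are ipfilter ipmon entries relayed through syslog-ng, and the natural next step on DAVIX is to turn them into something the graph tools can draw. The following Python script is an added example, not part of the DAVIX manual, syslog-ng or LGL: it parses the ipmon entries, counts the blocked flows per source, destination, port and protocol, and writes the result as an LGL ncol edge list (source, target, weight per line) of the kind the lgl2d example above consumes. SAMPLE_LOG is constructed: the first three lines follow the tail output above, the fourth is a made-up pass entry, and the fifth is an unrelated cron line that the parser must skip. The file name blocked.ncol is an arbitrary choice.

```python
import re
from collections import Counter

# Constructed sample in the format of the tail -f output above: three ipfilter ipmon
# block entries relayed through syslog-ng, one made-up pass ('p') entry, and one
# unrelated cron line that the parser must skip.
SAMPLE_LOG = """\
Jul 28 00:41:38 milkyway ipmon[93]: 00:41:38.084572 sis3 @0:58 b 192.168.48.10,1761 -> 123.123.123.123,443 PR tcp len 20 48 -S IN
Jul 28 00:41:41 milkyway ipmon[93]: 00:41:41.002881 sis3 @0:58 b 192.168.48.10,1761 -> 123.123.123.123,443 PR tcp len 20 48 -S IN
Jul 28 00:41:47 milkyway ipmon[93]: 00:41:47.018679 sis3 @0:58 b 192.168.48.10,1761 -> 123.123.123.123,443 PR tcp len 20 48 -S IN
Jul 28 00:41:50 milkyway ipmon[93]: 00:41:50.113355 sis3 @0:12 p 192.168.48.11,40321 -> 10.0.0.5,22 PR tcp len 20 60 -S IN
Jul 28 00:45:01 milkyway cron[201]: (root) CMD (mrtg /tmp/mrtg.cfg)
"""

# syslog header, then the ipmon fields: timestamp, interface, @group:rule, action (b=block,
# p=pass), src,sport -> dst,dport, PR protocol. The flag string at the end is not needed here.
IPMON_LINE = re.compile(
    r"^(?P<month>\w{3}) +(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<relay>\S+) "
    r"ipmon\[\d+\]: (?P<stamp>\S+) (?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) (?P<action>[bp]) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}),(?P<sport>\d+) -> (?P<dst>\d{1,3}(?:\.\d{1,3}){3}),(?P<dport>\d+) "
    r"PR (?P<proto>\w+) "
)


def parse_ipmon(line):
    """Return the fields of one ipmon entry as a dict, or None if the line is not an ipmon entry."""
    m = IPMON_LINE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["sport"], entry["dport"] = int(entry["sport"]), int(entry["dport"])
    entry["blocked"] = entry["action"] == "b"
    return entry


def blocked_edges(log_text):
    """Count blocked (source, destination, dport, proto) flows in the log; pass entries
    and non-ipmon lines are ignored."""
    edges = Counter()
    for line in log_text.splitlines():
        entry = parse_ipmon(line)
        if entry and entry["blocked"]:
            edges[(entry["src"], entry["dst"], entry["dport"], entry["proto"])] += 1
    return edges


def to_ncol(edges):
    """Render the edge counts as LGL ncol text: 'source target weight' per line, one line
    per source/destination pair with the number of blocked packets as weight, sorted so
    the output is stable."""
    weights = Counter()
    for (src, dst, _dport, _proto), n in edges.items():
        weights[(src, dst)] += n
    return "".join("%s %s %d\n" % (src, dst, n) for (src, dst), n in sorted(weights.items()))


if __name__ == "__main__":
    edges = blocked_edges(SAMPLE_LOG)
    for (src, dst, dport, proto), n in edges.items():
        print("%s -> %s:%d/%s blocked %d time(s)" % (src, dst, dport, proto, n))
    with open("blocked.ncol", "w") as fh:      # then: lgl2d blocked.ncol
        fh.write(to_ncol(edges))
```

Run it against the real file with python script.py after replacing SAMPLE_LOG by the contents of /var/log/syslog-ng/syslog-ng; lines from other programs that share the file simply fall through parse_ipmon() as None.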
d later problems when installing the boot loader:
    dd if=/dev/zero of=/dev/sda bs=1M
    root@slax:~# dd if=/dev/zero of=/dev/sda bs=1M
    dd: writing `/dev/sda': No space left on device
    3920+0 records in
    3919+0 records out
    4110227968 bytes (4.1 GB) copied, 557.438 s, 7.4 MB/s
- Then we have to partition the hard drive. Execute:
    fdisk /dev/sda
    root@slax:~# fdisk /dev/sda
    Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
    Building a new DOS disklabel with disk identifier 0x66b7eb5d.
    Changes will remain in memory only, until you decide to write them.
    After that, of course, the previous content won't be recoverable.
    Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)
- Create a partition according to the options below:
    Command (m for help): n
    Command action
       e   extended
       p   primary partition (1-4)
    p
    Partition number (1-4): 1
    First cylinder (1-1019, default 1): <ENTER>
    Using default value 1
    Last cylinder or +size or +sizeM or +sizeK (1-1019, default 1019): <ENTER>
    Using default value 1019
- Activate the partition as bootable:
    Command (m for help): a
    Partition number (1-4): 1
- Create an xfs file system on the first partition:
    mkfs.xfs /dev/sda1
- Create a mount point for the third partition:
    mkdir /mnt/sda1
- Mount the third partition to the newly created mount point:
    mount /dev/sda1 /mnt/sda1
- Copy the boot and
- In the window "MultiDataSetChooser" press the button "Load".
  [Screenshot: MultiDataSetChooser dialog with buttons Load, Load Seq. files, Remove File; fields "ClassB IP Header" (141.142) and "Intervals to split data into" (25)]
- In the file open dialog, navigate to /usr/local/share/NVisionIP/samples.
  [Screenshot: file open dialog listing ArgusData_146_78, ArgusData_178_78, NCSAUnified_98_97; File Name: ArgusData_178_78; Files of Type: All Files; buttons Open, Cancel]
- Open one of the files in this directory, e.g. ArgusData_178_78.
- In the window "MultiDataSetChooser" enter into the field "ClassB IP Header" the following value: 178.78
  [Screenshot: MultiDataSetChooser with Netflow File Format: Argus, ClassB IP Header: 178.78, Intervals to split data into: 25; buttons OK, Cancel]
- Press the button "OK". The data set is now loaded.
- Move the slider bar at the bottom of the window to advance the scatter plot across the time line.
  [Screenshot: NVisionIP Galaxy View of Class B 178.78, <0-255> x <0-255> address space; menu File, State, DataView, Tools, Help; NVisionIP Version 1.4, NCSA SIFT Group; Galaxy View set to AllPortVis, Small Multiple View set to AllPortVis; Number of entries: 469, Avg: 1.827, Max: 108, Min: 1; Default Filter Options: All IPs, All Ports, All Protocols, Flow Connections count; buttons Filter, Reset Filters, Add Bin, Remove Bin, Add
e into the extracted document, and follow this License in all other respects regarding verbatim copying of that document.

7. AGGREGATION WITH INDEPENDENT WORKS

A compilation of the Document or its derivatives with other separate and independent documents or works, in or on a volume of a storage or distribution medium, is called an "aggregate" if the copyright resulting from the compilation is not used to limit the legal rights of the compilation's users beyond what the individual works permit. When the Document is included in an aggregate, this License does not apply to the other works in the aggregate which are not themselves derivative works of the Document.

If the Cover Text requirement of section 3 is applicable to these copies of the Document, then if the Document is less than one half of the entire aggregate, the Document's Cover Texts may be placed on covers that bracket the Document within the aggregate, or the electronic equivalent of covers if the Document is in electronic form. Otherwise they must appear on printed covers that bracket the whole aggregate.

8. TRANSLATION

Translation is considered a kind of modification, so you may distribute translations of the Document under the terms of section 4. Replacing Invariant Sections with translations requires special permission from their copyright holders, but you may include translations of some or all Invariant Sections in addition to the original versions of
6.1.3 Installation on Virtual Hard Drive ........ 95
6.2 Other Virtualization Environments ........ 96
6.3 USB Stick ........ 96
6.3.1 On Windows with VFAT Formatted USB Stick ........ 97
6.3.2 On Linux with VFAT Formatted USB Stick ........ 100
6.3.3 On Linux with xfs Formatted USB Stick ........ 101
6.4 Hard Drive ........ 104
7 [chapter title garbled in source] ........ 108
7.1 Physical Machines ........ 108
7.1.1 Hardware Known to Work ........ 108
7.1.2 Incompatible Hardware ........ 111
7.2 Virtual Machines ........ 112
8 [chapter title garbled in source] ........ 113
8.1 LAN Networking ........ 113
8.2 Wireless Networking ........ 113
8.2.1 Kernel Supported Drivers ........ 113
8.2.2 NDISwrapper ........ 115
9 Graphic Cards ........ 116
9.1 [section title garbled in source] ........ 116
9.2 Multi-Head Support
e original publisher of that version gives permission.
B. List on the Title Page, as authors, one or more persons or entities responsible for authorship of the modifications in the Modified Version, together with at least five of the principal authors of the Document (all of its principal authors, if it has fewer than five), unless they release you from this requirement.
C. State on the Title page the name of the publisher of the Modified Version, as the publisher.
D. Preserve all the copyright notices of the Document.
E. Add an appropriate copyright notice for your modifications adjacent to the other copyright notices.
F. Include, immediately after the copyright notices, a license notice giving the public permission to use the Modified Version under the terms of this License, in the form shown in the Addendum below.
G. Preserve in that license notice the full lists of Invariant Sections and required Cover Texts given in the Document's license notice.
H. Include an unaltered copy of this License.
I. Preserve the section Entitled "History", Preserve its Title, and add to it an item stating at least the title, year, new authors, and publisher of the Modified Version as given on the Title Page. If there is no section Entitled "History" in the Document, create one stating the title, year, authors, and publisher of the Document as given on its Title Page, then add an item describing the Modified Version as stated in the previous sentence.
J. Preser
e the entry "CD-ROM Drive" to the first position in the boot order. Press F10 and confirm the changes by selecting "Yes".

6.1.3 Installation on Virtual Hard Drive

Before continuing with this chapter, please set up the basic virtual machine as described in chapter "Virtual Machine Setup". Start the virtual machine and continue with the steps set out in chapter "Hard Drive".

6.2 Other Virtualization Environments

Our testers have reported that DAVIX works with the following other virtualization suites:
- Parallels 3.0 Build 5584
- QEMU 0.9
- VirtualBox 1.6.0
- VMware Fusion 1.1.2 Build 87978

For the exact environments which the virtualization suites have been tested with, see chapter "Virtual Machines".

6.3 USB Stick

It is possible to run DAVIX from a USB stick. This has the advantages that booting from a stick is in general faster, and that it allows changes to be made persistent. The following step-by-step instructions will help you to achieve this. The procedures were successfully tested with the following USB sticks:
- Corsair FlashVoyager 16GB
- Kingston 1GB
- SanDisk Cruzer TITANIUM 4GB
- SanDisk Cruzer Micro 4 GB
- SONY Micro Vault 1 GB
- Pretec 02GB Cha-Cha 2 GB

A word of warning:
- To avoid data loss, the system should be shut down properly before removing the USB stick. In particular, VFAT is quite prone to such abuse. If you want a robust solution, use xfs as the file system instead. For details see the xfs instructions below.
ear  Apply
  [Screenshot: Wireshark capture window. Packet details:
    Frame 1 (216 bytes on wire, 216 bytes captured)
    Ethernet II, Src: 00:15:58:31:a1:b2 (00:15:58:31:a1:b2), Dst: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
    Internet Protocol, Src: 192.168.16.140 (192.168.16.140), Dst: 192.168.16.255 (192.168.16.255)
    User Datagram Protocol, Src Port: 138 (138), Dst Port: 138 (138)
    NetBIOS Datagram Service
    SMB (Server Message Block Protocol)
    SMB MailSlot Protocol
    Microsoft Windows Browser Protocol
  Packet bytes:
    0000  ff ff ff ff ff ff 00 15 58 31 a1 b2 08 00 45 00
    0010  00 ca aa e9 00 00 80 11 ec 5d c0 a8 10 8c c0 a8
    0020  10 ff 00 8a 00 8a 00 b6 ae 13 11 0e 9a 19 c0 a8
    0030  10 8c 00 8a 00 a0 00 00 20 45 4e 45 50 45 50 45
  Status bar: eth0: <live capture in progress>  Packets: 86  Displayed: 86  Marked: 0  Profile: Default]
- To stop recording, select the window menu Capture > Stop.
- In the center window frame you can now navigate through the dissected protocol layers.
  [Screenshot: expanded dissection.
    Frame 1 (216 bytes on wire, 216 bytes captured)
    Ethernet II, Src: 00:15:58:31:a1:b2 (00:15:58:31:a1:b2), Dst: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
    Internet Protocol, Src: 192.168.16.140 (192.168.16.140), Dst: 192.168.16.255 (192.168.16.255)
      Version: 4
      Header length: 20 bytes
      Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
      Total Length: 202
      Identification: 0xaae9 (43753)
      Flags: 0x00
      Fragment offset: 0
      Time to live: 128
      Protocol: UDP (0x11)
      Header checksum: 0xec5d [correct]
ections of your combined work in its license notice, and that you preserve all their Warranty Disclaimers.

The combined work need only contain one copy of this License, and multiple identical Invariant Sections may be replaced with a single copy. If there are multiple Invariant Sections with the same name but different contents, make the title of each such section unique by adding at the end of it, in parentheses, the name of the original author or publisher of that section if known, or else a unique number. Make the same adjustment to the section titles in the list of Invariant Sections in the license notice of the combined work.

In the combination, you must combine any sections Entitled "History" in the various original documents, forming one section Entitled "History"; likewise combine any sections Entitled "Acknowledgements", and any sections Entitled "Dedications". You must delete all sections Entitled "Endorsements".

6. COLLECTIONS OF DOCUMENTS

You may make a collection consisting of the Document and other documents released under this License, and replace the individual copies of this License in the various documents with a single copy that is included in the collection, provided that you follow the rules of this License for verbatim copying of each of the documents in all other respects.

You may extract a single document from such a collection, and distribute it individually under this License, provided you insert a copy of this Licens
ed of pixels) generic paint programs or (for drawings) some widely available drawing editor, and that is suitable for input to text formatters or for automatic translation to a variety of formats suitable for input to text formatters. A copy made in an otherwise Transparent file format whose markup, or absence of markup, has been arranged to thwart or discourage subsequent modification by readers is not Transparent. An image format is not Transparent if used for any substantial amount of text. A copy that is not "Transparent" is called "Opaque".

Examples of suitable formats for Transparent copies include plain ASCII without markup, Texinfo input format, LaTeX input format, SGML or XML using a publicly available DTD, and standard-conforming simple HTML, PostScript or PDF designed for human modification. Examples of transparent image formats include PNG, XCF and JPG. Opaque formats include proprietary formats that can be read and edited only by proprietary word processors, SGML or XML for which the DTD and/or processing tools are not generally available, and the machine-generated HTML, PostScript or PDF produced by some word processors for output purposes only.

The "Title Page" means, for a printed book, the title page itself, plus such following pages as are needed to hold, legibly, the material this License requires to appear in the title page. For works in formats which do not have any title page as such, "Title Page" means the text near the mos
ependency checking and requires you to investigate the package dependencies yourself and convert all required packages to SLAX modules as well.

The pragmatic approach is to convert the particular module you want to run and integrate it into the DAVIX ISO. Then you boot DAVIX and try to execute one of the binaries in your module. If there is an error that a specific library is missing, then you have found an unsatisfied dependency. You then have to identify the Slackware package where the library can be found and convert it to a SLAX module. And then the testing starts again.

5.3 Customize Existing SLAX or DAVIX Modules

If you want to tweak a single SLAX or DAVIX package just a little, it is possible to extract a SLAX module using the following command:
    lzm2dir foo-bar-1.0.lzm foo-bar-target-dir

You can then modify the extracted files to your needs and repack the directory to a SLAX module with the following command:
    dir2lzm foo-bar-target-dir foo-bar-1.0.lzm

6 Deployment Options

The following options show you the different ways to install DAVIX on different types of media. The step-by-step guides are generic and also apply to other SLAX distributions.

6.1 VMware

DAVIX can be run inside VMware without any problems. Even OpenGL is supported. The procedures were successfully tested with:
- VMware Workstation 6.0.3 Build 80004

6.1.1 Virtual Machine Setup

For all the described VMware deployments the f
etry limit:7   RTS thr:off   Fragment thr:off
              Encryption key:off
              Power Management:off
              Link Quality:0  Signal level:0  Noise level:0
              Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
              Tx excessive retries:0  Invalid misc:218   Missed beacon:0
    eth1      no wireless extensions.
- Before being able to scan, you have to start up the wireless device with the command:
    ifconfig eth0 up
- Then you can scan for wireless LANs using:
    iwlist eth0 scan
  After a while a list of available wireless access points will be visible. If your favorite one is missing, redo the scan.
    root@slax:~# iwlist eth0 scan
    eth0      Scan completed :
              Cell 04 - Address: 00:DE:AD:BE:EF:00
                        ESSID:"xxx"
                        Protocol:IEEE 802.11b
                        Mode:Master
                        Frequency:2.412 GHz (Channel 1)
                        Encryption key:off
                        Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s
                        Quality=83/100  Signal level=83 dBm
                        Extra: Last beacon: 184ms ago
- If your access point requires a WEP key, then enter:
    iwconfig eth0 key dead-beaf-dead-beaf-dead-beaf-de
- To attach to your desired access point with ESSID "xxx", use the following command:
    iwconfig eth0 essid xxx
- Then start the DHCP agent:
    dhcpcd eth0
- Check if a dynamic IP address was assigned:
    ifconfig
- If it does not work, retry the previous 7 steps.

8.2.2 NDISwrapper

If the steps in the previous chapters do not work out for you, you can try to get wireless running with the NDIS drivers. DAVIX supports the ndiswrapper which
fers various case examples and shows you hands-on how to get from the log file to the visualization. Another good book on the topic is Greg Conti's book "Security Data Visualization". It shows you many samples of how security data can be visualized.

Most likely you will stumble over a thing or two in DAVIX that you would like to tweak. Or some of your favorite tools are not included with DAVIX. Well, then it is time to read the following chapters: "Customizing the DAVIX ISO Image" and "Creating and Modifying Modules".

To get informed about the newest developments of DAVIX, we recommend registering with the Google Group davix-announce. For support questions, register with the Google Group davix-support.

8 Applied Security Visualization: http://www.informit.com/store/product.aspx?isbn=0321510100
9 Rough Cuts version of the book Applied Security Visualization: http://safari.informit.com/97803 10 (URL garbled in source)
10 Security Data Visualization: http://www.amazon.com/Security-Data-Visualization-Greg-Conti/dp/1593271433?ie=UTF8&s=books&qid=1183891229&sr=8-1
11 DAVIX Announcement Google Group: http://groups.google.ch/group/davix-announce
12 DAVIX Support Google Group: http://groups.google.ch/group/davix-support

3 Tools Showing You the Ropes

The important tools in DAVIX are organized in three categories depending on their use within the analysis process:
- Capture (C)
- Process (P)
- Visualize (V)
    filters unused  All packets: 0 - 62000 (302)
  [Screenshot residue of the Shoki Packet Hustler plot window]

3.31 Snort (CP)

Purpose
- Intrusion detection system to analyze live traffic or network capture files.
- DAVIX comes with the Bleeding Edge Threats rules. Since the Bleeding Edge Threats project is currently inactive, the rules are not current. We suggest you register at Snort, get the current VRT rules and install them into DAVIX.

Links
- Homepage: http://www.snort.org
- Manual: http://www.snort.org/docs/snort_htmanuals/htmanual_282
- VRT Rules: http://www.snort.org/pub-bin/downloads.cgi

Important installation locations
- /etc/rc.d/rc.snort
- /etc/rules
- /etc/snort
- /usr/local/bin
- /usr/local/share/doc/snort

Log directory
- /var/log/snort

Example
- Open a console.
- To start the Snort daemon, execute the command:
    sh /etc/rc.d/rc.snort start
- The Snort alerts are recorded in a log file. To view the alerts, tail this log file with the following command:
    tail -f /var/log/snort/eth0/alert
- Open Firefox and access the following URL (the path is garbled in the source and reproduced as found): http://www.iplosion.com/davix/255 255 255 o255cmd exe
- In the Snort alert log the attack should now be visible as "DOUBLE DECODING ATTACK":
    root@slax:~# tail -f /var/log/snort/eth1/alert
    07/28-00:35:55.048842  [**] [119:2:1] (http_inspect) DOUBLE DECODING ATTACK [**] [Priority: 3] {TCP} 192.168.16.150:49785 -> 192.168.80.10:80
- To stop the Snort daemon, execute the command:
    sh /etc/rc.d/r
ge on to a CD-ROM or DVD. The following screenshots show how to use Nero Burning ROM for this task.
- Open Nero Burning ROM from the Windows start menu.
- In the window menu choose Recorder > Burn Image, and select in the file dialog the ISO image you want to burn.
  [Screenshot: Nero Burning ROM; menu File, Edit, View, Recorder, Extras, Database, Window, Help; Recorder menu entries Choose Recorder (Strg+R), Burn Image, Burn Compilation (Strg+B), Copy Disc, Erase Rewritable Disc, Eject Disc (Strg+E), Disc Info (Strg+I); recorder HL-DT-ST DVDRAM GSA-4083N]
- To achieve the highest compatibility with CD/DVD readers, we recommend burning with the slowest speed possible.
  [Screenshot: Burn Compilation dialog, CD Image, tab Burn; Action: Simulation, Write (checked), Finalize disc (No further writing possible); Writing: Write speed, Write method Track-at-once, Number of copies 1, Buffer underrun protection (checked), Use multiple recorders]
- Select the burn options and press the button "Burn".

(footnote) Nero Burning ROM: http://www.nero.com

- When the burning progress dialog is shown, select the option "Verify written data".
  [Screenshot: progress dialog with event log: 17:24:44 HL-DT-ST DVDRAM GSA-4083N - Buffer underrun protection activated]
- The CD or DVD will now be burned. This can take a while to finish.

2.3 Boot

After CD creation, reboot
gl
    Vertex Count: 5
    Edge Count: 5
    Outer radius is set to 1.70997
    Initializing 5 particles... Done
    Initializing grid and placing particles... Done
    Initializing handlers... Done
    Generating Tree and checking for root Nodes... Checked 6 Root Node(s)
    There are 2 levels
    Initializing 1 thread(s)... Done
    Iteration: 303  Dx: 0.731679  Level: 2
    Final Settle
    Iteration: 455  Dx: 0.747695  Level: 2
    Done
    GLREBUILD: /usr/local/bin/lglrebuild -o lgl/final.coords -c lgl/coordFileList
    Total Total Connected Sets: 0
    Current Connected Set: 1
- To generate the VRML file, use the following command:
    genVrml.pl lgl/test.lgl lgl/final.coords
    root@slax:~# genVrml.pl lgl/test.lgl lgl/final.coords
    Loading coords... Done
    Generating node text coordinates in VRML... Done
    Loading edges from file... Done
    Generating lines in VRML... Done
    Writing to lgl/final.coords.wrl... Done
- To view the result, start FreeWRL:
    freewrl lgl/final.coords.wrl
  [Screenshot: FreeWRL window; menu File, Navigate, Preferences, Help]

3.16 Mondrian (V)

Purpose
- Generation and display of a variety of charts that are linked.

Links
- Homepage: http://rosuda.org/Mondrian

Important install locations
- /usr/local/bin
- /usr/local/lib/mondrian
- /usr/local/share/mondrian

Example
- Start Mondrian through the KDE start menu.
- From the window menu select File > Open and open any one of the files fou
gs (14 generic, cksum 0F1F5CA2), rule: 'all'.
    192.168.16.220:36390 - Linux 2.6 (newer, 2) (up: 4 hrs)
      -> 216.92.151.5:80 (distance 0, link: ethernet/modem)
    192.168.16.220:35442 - Linux 2.6 (newer, 2) (up: 4 hrs)
      -> 216.92.177.115:80 (distance 0, link: ethernet/modem)
    192.168.16.220:50819 - Linux 2.6 (newer, 2) (up: 4 hrs)
      -> 209.85.161.147:80 (distance 0, link: ethernet/modem)

3.23 Processing (V)

Purpose
- A visualization framework that allows you to program visualizations in a Java-style language and provides a runtime environment to view these programs.

Links
- Homepage: http://processing.org

Important installation locations
- /usr/local/bin
- /usr/local/lib/processing
- /usr/local/share/processing

Example
- Start Processing through the KDE start menu.
- From the window menu select File > Open and open any one of the PDE files found in the subdirectories of /usr/local/share/processing/examples, e.g. Perspective.pde.
  [Screenshot: "Open a Processing sketch" dialog; path /usr/local/share/processing/examples/3D and OpenGL/Camera/Perspective; Folders: data; Files: Perspective.pde; file name Perspective.pde; buttons OK, Filter, Cancel]
- The source code is now loaded into the Processing workbench.
  [Screenshot: "Perspective | Processing 0135 Beta"; menu File, Edit, Sketch, Tools, Help; tab Perspective; sketch comment begins "Move the mouse left and right to change the field
ion Slimline s7710
CPU Type: AMD Athlon 64 X2 Dual Core Processor 3800
Memory: 1GB
Graphic Card: nVidia GeForce 6150 LE
LAN Network Card: nVidia MCP51 Ethernet Controller
Wireless Network Chipset: (not given)

PC Brand & Type: No Name AMD PC
CPU Type: AMD Sempron(tm) 2600
Memory: 0.5 GB
Graphic Card: ATI Technologies Inc Radeon RV250 [Radeon 9000] (Secondary) (rev 01)
LAN Network Card: Digital Equipment Corporation DECchip 21142/43 (rev 30)
Wireless Network Chipset: (not given)

PC Brand & Type: Shuttle SK22G2
CPU Type: Dual Core AMD 2500
Memory: 1 GB
Graphic Card: NVIDIA GeForce 7300 LE
LAN Network Card: VIA Compatible Fast Ethernet Adapter
Wireless Network Chipset: Intel PRO/Wireless 2200BG

PC Brand & Type: Toshiba Satellite A10-S169
CPU Type: P4M at 2.2GHz
Memory: 0.5 GB
Graphic Card: Intel 82852/855GM
LAN Network Card: Intel PRO/100 VE
Wireless Network Chipset: Netgear WG511T (Atheros based); Intel PRO/Wireless 2200BG does not work

PC Brand & Type: Custom built PC
CPU Type: Intel Core 2 6600 Dual Core 2.4 GHz
Memory: 2 GB
Graphic Card: NVIDIA 7950 GT
LAN Network Card: Marvell Yukon 88E8056 Gigabit
Wireless Network Chipset: No wireless adapter

PC Brand & Type: Custom built PC based on Gigabyte GA-K8NF-9 motherboard
CPU Type: AMD Athlon 64 X2 Dual Core Processor 4400 (2.21 GHz)
Memory: 2 GB
Graphic
ire.com/Unix/Sed.html

Important install locations
- /usr/bin

Example
- Open a console.
- To extract the first column of a colon-separated text file, use:
    awk -F: '{print $1}' /etc/passwd
    root@slax:~# awk -F: '{print $1}' /etc/passwd
    root
    bin
    daemon
    adm
    lp
- To grep a single line from a text file, use:
    grep root /etc/passwd
    root@slax:~# grep root /etc/passwd
    root:x:0:0::/root:/bin/bash
- To egrep lines for multiple patterns, use:
    egrep 'root|apache' /etc/passwd
    root@slax:~# egrep 'root|apache' /etc/passwd
    root:x:0:0::/root:/bin/bash
    apache:x:80:80:User for Apache:/srv/httpd:/bin/false

3.30 Shoki Packet Hustler (V)

Purpose
- Visualization of network traffic as a three-dimensional scatter plot.

Links
- Homepage: http://shoki.sourceforge.net
- Manual: http://shoki.sourceforge.net/hustler/manual.html

Important install locations
- /usr/local/shoki

Example
- First you have to create a capture file with Wireshark.
- Next, start Shoki Packet Hustler through the KDE start menu.
- In the file open dialog, select the capture file.
  [Screenshot: "Select pcap file" dialog; buttons New Folder, Delete File, Rename File; Folders: /root/Desktop, DAVIX, desktop, Home, System; Files: test.cap; Selection: /root/Desktop/test.cap; buttons OK, Cancel]
- The scatter plot of the network traffic is shown.
    /root/Desktop/test.cap: Using all 1455 packets, 1
istinguishing version number. If the Document specifies that a particular numbered version of this License "or any later version" applies to it, you have the option of following the terms and conditions either of that specified version or of any later version that has been published (not as a draft) by the Free Software Foundation. If the Document does not specify a version number of this License, you may choose any version ever published (not as a draft) by the Free Software Foundation.

ADDENDUM: How to use this License for your documents

To use this License in a document you have written, include a copy of the License in the document and put the following copyright and license notices just after the title page:

    Copyright (c) YEAR YOUR NAME.
    Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License".

If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts, replace the "with...Texts." line with this:

    with the Invariant Sections being LIST THEIR TITLES, with the Front-Cover Texts being LIST, and with the Back-Cover Texts being LIST.

If you have Invariant Sections without Cover Texts, or some othe
itch port are turned on.
- See if eth0 is listed:
    ifconfig
- If in the resulting list eth0 is missing, then try to start up the interface:
    ifconfig eth0 up
- Check again if eth0 is up:
    ifconfig
- When the interface is showing up, you can start the DHCP agent:
    dhcpcd eth0
- Check if a dynamic IP address was assigned:
    ifconfig
- If no IP address was assigned, repeat the previous four steps.

8.2 Wireless Networking

8.2.1 Kernel Supported Drivers

Since not every wireless card has open source drivers, setting up wireless LAN can be difficult. But the first thing is to try whether any of the kernel supported drivers work. For simplicity reasons, the example shown here is based on the network interface ID eth0. For your particular system it can be different, e.g. it can be wlan0 or ath0.
- First make sure that wireless is enabled in your BIOS and activated. On some systems like the Lenovo ThinkPad T60, it is required to turn on wireless by moving the switch located on the outside of your notebook into the "On" position. On others you can use a keyboard function shortcut to enable wireless, e.g. on a Dell Inspiron it is Fn+F2.
- Boot DAVIX in KDE mode and open a console.
- Then check if a wireless interface is available:
    iwconfig
    root@slax:~# iwconfig
    lo        no wireless extensions.
    eth0      unassociated  ESSID:off/any
              Mode:Managed  Channel=0  Access Point: Not-Associated
              Bit Rate=0 kb/s   Tx-Power=20 dBm   Sensitivity=8/0
              R
l machines. This chapter shows which environments are known to work with DAVIX and which ones do not.

7.1 Physical Machines

7.1.1 Hardware Known to Work

In general, DAVIX should work on any Intel and AMD based architecture. The following hardware setups were reported by testers to work with DAVIX.

PC Brand & Type: Compaq Evo
CPU Type: Intel(R) Pentium(R) 4 CPU 2.40GHz
Memory: 1 GB
Graphic Card: nVidia Corporation G73 [GeForce 7600 GS] (rev a2)
LAN Network Card: Intel Corporation 82801DB PRO/100 VM (LOM) Ethernet Controller (rev 81)
Wireless Network Chipset: (not given)

PC Brand & Type: Dell Dimension 3100c
CPU Type: Intel P4 Celeron
Memory: (not given)
Graphic Card: (not given)
LAN Network Card: (not given)
Wireless Network Chipset: (not given)

PC Brand & Type: DELL Latitude D620
CPU Type: Intel Core 2 Duo 2.33 GHz
Memory: 2 GB
Graphic Card: NVIDIA Quadro NVS 110M Display adapter
LAN Network Card: Broadcom NetXtreme 57xx Gigabit Controller
Wireless Network Chipset: Intel(R) PRO/Wireless 3945ABG (was not tested)

PC Brand & Type: Dell Inspiron 6000
CPU Type: Intel Pentium M 1.86 GHz
Memory: 1 GB
Graphic Card: ATI Mobility Radeon X300
LAN Network Card: Broadcom 440x 10/100
Wireless Network Chipset: Intel PRO/Wireless 2200BG

PC Brand & Type: Fujitsu Siemens Lifebook T Series T4215
CPU Type: Intel Core2 CPU T5500 1.66GHz
Memory: 1GB
l/share/ggobi

Example
- Start GGobi through the KDE start menu.
- In the file open dialog, navigate to /usr/local/share/ggobi/data.
  [Screenshot: "Read ggobi data" dialog at /usr/local/share/ggobi/data; places Recently Used, root, Desktop, File System; files (all dated 04/13/08): Shipman.csv, Shipman.xml, adhoc.xml, algal-bloom.xml, buckyball.xml, cube6.xml, eies.xml, flea.csv, flea.xml, laser.csv, laser.xml, morsecodes.xml, olive.csv, olive.xml, perm4.xml, perm5.xml; Input Type: unknown; URL field; buttons Add, Remove]
- Open one of the graphs in this directory, e.g. Shipman.csv.
  [Screenshot: GGobi window "Shipman.csv: Scatterplot (current)"; menu File, Display, View, Interaction, Tools, Help; XY Plot with variables id, month, year, julian date, place, cause; Plot cycling and Change direction controls]
- In the window menu select Display > New Parallel Coordinate Display.
- Activate the scatter plot window and then select Interaction > Brush in the main window menu.
- Now you can move the yellow box around in the scatter plot and see how the selection behaves in the other graph.
  [Screenshot: GGobi "Shipman.csv: Scatterplot (current)" in Brush mode; variable id; control "Choose color & gly
l tutorials, or get inspired by visiting secviz.org. We have included usage examples for each of the tools in the chapter "Tools Showing You the Ropes".

7 SecViz - Security Visualization: http://www.secviz.org

2.5 What to Do Next

The chapter "Tools Showing You the Ropes" gives an overview of the most important tools found on the DAVIX CD, as well as a quick start example for each tool. Apart from the tools on the CD, Firefox contains bookmarks to online tools for visualization as well as to libraries for writing your own visualization tools.
  [Screenshot: Firefox bookmark folders.
   Visualize Online: Chart Chooser, FlightAware Live Flight Tracker, Many Eyes, newsmap, Switzerland Air Traffic, swivel, Google Chart API, Google Earth, Google Earth KML Documentation, Google Maps, Google Maps API, Google Visualization API, SecViz.org, Open All in Tabs.
   Visualize Libraries: GINY, Grappa, InfoVis Toolkit, Freechart, JGraph, JGraphT, JUNG, OpenJGraph, Piccolo Toolkit, Library Listings 1, Library Listings 2, Boost Graph Library, Open All in Tabs]

If you require information on an intermediate level, we recommend reading Raffael's book "Applied Security Visualization". A rough cuts version of the book is available on the Internet. The book gives a very good introduction to visualization and introduces a use case driven approach. It of
latform at the VizSEC 2008 conference in Boston for presenting DAVIX to the research community. We feel very honored and thank you both for this.

Beta Testers for DAVIX (in alphabetic order of their last names or nicknames):
- Alexander Bochmann
- Greg Conti
- Eric Deschamps
- Olga Gelbart
- Mirko Kildani
- Benjamin Kohler
- C.S. Lee (geek00L)
- Jean-Philippe Luiggi
- Joseph M. Lanier
- Zach Lanier
- David Libershal
- Kevin Liston
- mfs
- mOODy
- Gabriel Mueller
- Jose M. Pavon (chmeee)
- Izar Tarandach
- Stefano Zanero
- many others who want to stay anonymous

Mirror & bandwidth providers (in alphabetic order of their last names):
- Kord Campbell
- Benjamin Kohler
- Martin Winter

A special thanks to Ben Shneiderman from the University of Maryland Human-Computer Interaction Lab for allowing us to integrate Treemap and Timesearcher 1 in DAVIX.

14 VizSEC: http://www.vizsec.org

12 Licenses

12.1 Software

DAVIX incorporates software with different types of licenses, ranging from BSD over GPL to custom licenses. So if you want to make derivative works, you have to check if you are allowed to. The software packages utilized by DAVIX and their licenses are documented in the file LICENSE-DAVIX.pdf, which can be found on the DAVIX CD.

All original contributions by the authors which are not part of other software distributions are licensed under the GNU GPL Version 2. Changes to third party software packages are di
75. nd in the directory /usr/local/share/mondrian, e.g. Pollen.txt.
[Screenshot: Mondrian "Load Data" file dialog, folder /usr/local/share/mondrian/samples, file name Pollen.txt]
- In the Mondrian main window, select any columns you like.
[Screenshot: Mondrian main window for Pollen.txt with the columns Ridge, Nub, Crack, Weight, Density, Number]
- In the window menu, select Plot > Histogram. Two histogram windows should appear.
- In the window menu, select Plot > Scatterplot. A graph with a scatter plot should appear.
- You can now select a bar in the histogram and see how the selected data is represented in the other graphs.
[Screenshot: Histogram window "Ridge"]
3.17 MRTG (V)
Purpose
- Visualization of traffic load on network devices using SNMP queries
Links
- Homepage: http://oss.oetiker.ch/mrtg
- Installation Guide: http://oss.oetiker.ch/mrtg/doc/mrtg-unix-guide.en.html
Important install locations
- /usr/local/bin
- /usr/local/lib/mrtg2
- /usr/local/share/mrtg2
Example
- Open a console.
- First you have to create a configuration file for the network device you want to monitor. In our example we have chosen 192.168.16.5:
cfgmaker --global "WorkDir: /tmp" --global "Options[_]: bits,growright" --output /tmp/mrtg.cfg public@192.168.16.5
- To initialize the database we have to run
76. ng dialog and the tree gets laid out.
[Screenshot: Tulip main window showing the laid-out tree (nodes: 21, edges: 20) and the property editor listing viewBorderColor, viewBorderWidth, viewColor, viewLabel, viewLabelColor, viewLabelPosition, viewLayout, viewMetaGraph]
3.39 Walrus (V)
Purpose
- Visualization of hierarchical data as three-dimensional link graphs
Links
- Homepage: http://www.caida.org/tools/visualization/walrus
Important install locations
- /usr/local/bin
- /usr/local/lib/walrus
- /usr/local/share/walrus
Example
- Start Walrus through the KDE start menu.
- In the window menu, select File > Open.
- In the file open dialog, navigate to /usr/local/share/walrus/samples.
- Open one of the graphs in this directory, e.g. champagne.graph.
[Screenshot: Walrus file open dialog in samples, listing palmtree.graph, simple.graph and walrus-directory.graph; file name champagne.graph, files of type All Files]
- In the window menu, select Rendering > Start to display the graph.
[Screenshot: Walrus window with the menus File, Rendering, Display, Spanning Tree, ColorScheme, Node Label]
3.40 Wireshark (CV)
Purpose
- Capturing and dissecting network traffic
Links
- Homepage: http://www.wireshark.o
77. ocation from which the general network-using public has access to download using public-standard network protocols a complete Transparent copy of the Document, free of added material. If you use the latter option, you must take reasonably prudent steps, when you begin distribution of Opaque copies in quantity, to ensure that this Transparent copy will remain thus accessible at the stated location until at least one year after the last time you distribute an Opaque copy (directly or through your agents or retailers) of that edition to the public.
It is requested, but not required, that you contact the authors of the Document well before redistributing any large number of copies, to give them a chance to provide you with an updated version of the Document.
4. MODIFICATIONS
You may copy and distribute a Modified Version of the Document under the conditions of sections 2 and 3 above, provided that you release the Modified Version under precisely this License, with the Modified Version filling the role of the Document, thus licensing distribution and modification of the Modified Version to whoever possesses a copy of it. In addition, you must do these things in the Modified Version:
A. Use in the Title Page (and on the covers, if any) a title distinct from that of the Document, and from those of previous versions (which should, if there were any, be listed in the History section of the Document). You may use the same title as a previous version if th
78. ollowing procedure is common to all:
- Start VMware Workstation.
- Through the Windows menu File > New > Virtual Machine, start the New Virtual Machine Wizard.
- In the "Virtual machine configuration" step, select Custom.
- In the "Virtual machine hardware compatibility" step, select Workstation 6.
- As guest operating system, select Linux and then "Other Linux 2.6.x kernel".
- Choose virtual machine name and storage location.
- Choose One as the number of processors.
- Allocate at least 512 MB of memory. The optimal value is 1024 MB.
- Select "Use bridged networking".
- Select I/O adapter type SCSI adapter: LSI Logic.
- Select "Create a new virtual disk".
- Select virtual disk type SCSI (Recommended).
- Choose a disk size of 8 GB without allocating disk space.
- Choose disk file name and press Finish.
The basic virtual machine is now set up. Continue with one of the chapters "CD-ROM based Boot" or "Installation on Virtual Hard Drive".
6.1.2 CD-ROM based Boot
Before continuing with this chapter, please set up the basic virtual machine as described in chapter "Virtual Machine Setup".
Edit virtual machine settings:
- Select tab Hardware.
- Select CD-ROM drive.
- Select option "Use ISO image" and browse for the DAVIX image.
- Close the settings dialog.
On first startup the CD-ROM will not boot by default. Therefore the following steps have to be taken:
- Start virtual machine. When the BIOS screen is shown, press F2. Navigate to menu Boot. Mov
79. ons below:
Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-9733, default 1): ENTER
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-9733, default 9733): +50M
BackTrack Hard Drive Installation: http://www.offensive-security.com/documentation/backtrack-hd-install.pdf
- Create second partition according to the options below:
Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 2
First cylinder (8-9733, default 8): ENTER
Using default value 8
Last cylinder or +size or +sizeM or +sizeK (8-9733, default 9733): +512M
- Create third partition according to the options below:
Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 3
First cylinder (71-9733, default 71): ENTER
Using default value 71
Last cylinder or +size or +sizeM or +sizeK (71-9733, default 9733): ENTER
Using default value 9733
- Activate the first partition as bootable:
Command (m for help): a
Partition number (1-4): 1
- Change the partition type of partition 2 to 82 for Linux Swap:
Command (m for help): t
Partition number (1-4): 2
Hex code (type L to list codes): 82
Changed system type of partition 2 to 82 (Linux swap)
- Now we have to write the partition table to disk
80. oolbar, press the Brush button.
- Now you can select the lines you want to inspect in more detail. When you select, you do not select single lines. Instead you define an angle.
- To make a new selection, press the "Reset All" button in the toolbar.
[Screenshot: Parvis window with data source /usr/local/share/parvis/data/voyager.stf, showing the axes Date, Hour, S/C_Distance, S/C_Latitude, S/C_Longitude, Plasma_Velocity, Plasma_Density and the Brush/Reset controls]
3.20 Passive Asset Detection System (PADS) (CP)
Purpose
- PADS allows you to passively inventory hosts on the network and their services.
Links
- Homepage: http://passive.sourceforge.net
Important installation locations
- /etc/rc.d/rc.pads
- /usr/local/etc
- /usr/local/bin
- /usr/local/share/pads
Log directory
- /var/log/pads
Example
- Open a console.
- To start the PADS daemon, execute the command: sh /etc/rc.d/rc.pads start
- The assets are recorded in a log file. To view the assets, tail this log file with the following command: tail -f /var/log/pads/assets.csv
ro
81. oot Parameters in SLAX: http://www.slax.org/documentation_boot_cheatcodes.php
5 Creating and Modifying Modules
This chapter shows you the different ways of getting your hands on additional SLAX modules for DAVIX.
5.1 Leverage Existing SLAX Modules
The easiest way to get a new SLAX module is by checking the SLAX website itself. The modules page offers a wide range of contributed, ready-to-use SLAX modules. These modules in general come with all the required libraries and should work right away.
[Screenshot: Firefox showing the SLAX modules page http://www.slax.org/modules.php with the categories artwork, graphics, education, games, editors, multimedia, network, security, system, develop, drivers, multilang, console, libraries and utilities; "There are currently 418 modules waiting to be checked"]
5.2 Create New Modules from Slackware Packages
Another fast way to get additional modules is to search and download existing Slackware packages and convert them to SLAX modules using the following command:
tgz2lzm foo-bar-1.0.tgz foo-bar-1.0.lzm
17 SLAX modules: http://www.slax.org/modules.php
18 Search Slackware Packages: http://packages.slackware.it
This approach does no d
82. or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of this software.
14 Versioning
0.1.0 Initial document
0.2.0 Beta 2 Release
0.5.0 Final release for Raffael's "Applied Security Visualization" book
0.5.1 Fixed several bugs and added documentation for newly added tools
1.0.0 Release version of document
1.0.1 No change in content. Just updated version information
15 GNU Free Documentation License
GNU Free Documentation License
Version 1.2, November 2002
Copyright (C) 2000, 2001, 2002 Free Software Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
0. PREAMBLE
The purpose of this License is to make a manual, textbook, or other functional and useful document "free" in the sense of freedom: to assure everyone the effective freedom to copy and redistribute it, with or without modifying it, either commercially or noncommercially. Secondarily, this License preserves for the author and publisher a way to get credit for their work, while not being considered responsible for modifications made by others.
This License is a kind of "copyleft", which means that derivative works of the document must themselves be free in the same sense. It complements the G
83. ot@slax:~# tail -f /var/log/pads/assets.csv
asset,port,proto,service,application,discovered
74.125.39.103,80,6,www,gws,1217205195
74.125.39.99,80,6,www,gws,1217205195
- Generate some traffic with Firefox to get the PADS log file populated with information.
- To stop the PADS daemon, execute the command: sh /etc/rc.d/rc.pads stop
3.21 Ploticus (V)
Purpose
- Generation of all kinds of charts
Links
- Homepage: http://ploticus.sourceforge.net/doc/welcome.html
- Prefab Handbook: http://ploticus.sourceforge.net/doc/prefabs.html
Important install locations
- /usr/local/bin
- /usr/local/share/ploticus
Example
- Open a console.
- Create a file data.csv with the following content:
Dogs,10
Cats,20
Birds,25
Spiders,10
Rats,5
Mice,40
- To generate a pie chart, execute the command: pl -prefab pie values=2 labels=1 data=data.csv delim=comma
[Screenshot: the resulting Ploticus pie chart]
3.22 p0f (C)
Purpose
- Identification of a remote host's operating system
Links
- Homepage: http://lcamtuf.coredump.cx/p0f.shtml
Important install locations
- /etc/p0f
- /usr/sbin
Example
- Open a console.
- Execute the command: p0f
- Open Firefox and surf to some site.
- The output of p0f reads as follows:
p0f - passive os fingerprinting utility, version 2.0.8
(C) M. Zalewski <lcamtuf@dione.cc>, W. Stearns <wstearns@pobox.com>
p0f: listening (SYN) on 'eth0', 262 si
84. p through the different examples by pressing ENTER in the gnuplot command line window. You can stop the interactive tour by pressing Ctrl-C.
3.11 Graphviz (V)
Purpose
- Generation of two-dimensional link graphs
Links
- Homepage: http://www.graphviz.org
- Manual: http://www.graphviz.org/Documentation.php
- Tutorial dot: /usr/local/share/graphviz/doc/pdf/dotguide.pdf
- Tutorial neato: /usr/local/share/graphviz/doc/pdf/neatoguide.pdf
Important install locations
- /usr/local/bin
- /usr/local/lib/graphviz
- /usr/local/share/graphviz
Example
- Open a console.
- Generate a sample AfterGlow file with: echo -e "a,b\nc,d\nc,e" | afterglow.pl > test.dot
- Execute the following command to start the interactive mode of neato: neato
- Right click on the window and select "load graph".
[Screenshot: neato context menu with the entries load graph, undo, paste, do layout, cancel layout, redraw, new graph, reload graph, save graph, save graph as, open view, copy view, clone view, birdseye view, close view, set graph attr, set node attr, set edge attr, zoom in, zoom out, find node, print graph, text view, quit]
- In the file open dialog, navigate to test.dot and open it.
[Screenshot: neato file open dialog]
- Then the link graph is displayed.
[Screenshot: the link graph rendered by neato]
- Try the other options in the right click menu, e.g. "birdseye view".
85. [Screenshot: GGobi windows for shipman.csv with a parallel coordinates plot of month and julian date, and the brushing controls (persistent, undo, point brushing, edge brushing, color and glyph) over the variables month, year, julian date, cause and place]
3.9 glTail (V)
Purpose
- Real-time visualization of web server traffic
Links
- Homepage: http://www.fudgie.org
Important install locations
- /usr/bin
- /usr/lib/ruby/gems/1.8/doc/gltail-0.0.7
Example
- Open a console.
- Start the Apache daemon by executing the command: sh /etc/rc.d/rc.httpd start
- Start the SSH daemon by executing the command: sh /etc/rc.d/rc.sshd start
- Execute the following command to generate a configuration file template: gl_tail --new foobar.yaml
- Adjust the configuration file to your needs:
servers:
  foobar:
    host: 127.0.0.1
    port: 22
    user: root
    password: toor
    command: tail -f -n0
    files: /var/log/httpd/access_log
    parser: apache
    color: 0.2, 1.0, 0.2, 1.0
config:
- Execute the following command to start the visualization: gl_tail foobar.yaml
- Open Firefox, access the URL http://127.0.0.1 and press the reload button as often as you like.
- In the glTail window the visualization should now appear.
[Screenshot: glTail window showing URLs, content types, users and referrers]
- To stop
86. r combination of the three, merge those two alternatives to suit the situation.
If your document contains nontrivial examples of program code, we recommend releasing these examples in parallel under your choice of free software license, such as the GNU General Public License, to permit their use in free software.
87. r DVD. 3. Boot the CD on your PC. 4. Analyze your data.
2.1 Download
The DAVIX ISO image can be downloaded from several locations around the world. Please select one of the mirrors closest to you. Since web browsers on occasion corrupt large downloads, we recommend using wget for downloading the ISO.
Main Server
- Switzerland: http://82.197.185.121/davix/release/davix-1.0.1.iso.gz
Mirrors
- Switzerland: ftp://mirror.switch.ch/mirror/DAVIX/davix-1.0.1.iso.gz
- Germany: http://bastard.codenomad.com/davix/davix-1.0.1.iso.gz
- United States: http://www.noaccess.com/davix/davix-1.0.1.iso.gz
- United States: http://www.geekceo.com/davix/davix-1.0.1.iso.gz
- United States: http://depot.unix-foo.ch/davix/davix-1.0.1.iso.gz
As a nice side effect of using wget, you can resume a download with the -c command line option when the connection got interrupted:
wget -c http://mirror.foo.bar/davix-1.0.1.iso.gz
After the download, check the size and the integrity of the ISO image. The MD5 hash and the file size are published on the DAVIX homepage. For Win32, wget can be found as part of the GNU utilities for Win32 (http://unxutils.sourceforge.net). The UNIX tool md5sum can be used to calculate the MD5 hash. The utility is also part of the GNU utilities for Win32.
DAVIX Homepage: http://davix.secviz.org
2.2 Burn
Utilize any CD or DVD burning software of your liking and burn the ISO ima
88. rg
- Manual: http://www.wireshark.org/docs/wsug_html
Important install locations
- /usr/local/bin
- /usr/local/lib
- /usr/local/lib/wireshark
- /usr/local/share/wireshark
Example
- Start Wireshark through the KDE start menu.
- Select menu Capture > Options.
- In the field Interface, select the network interface you want to sniff.
[Screenshot: Wireshark Capture Options dialog, interface eth0 with IP address 192.168.16.220, link-layer header type Ethernet, "Capture packets in promiscuous mode" enabled, plus the capture file, display, stop capture and name resolution options]
- Press the Start button.
- The network traffic is now recorded.
[Screenshot: Wireshark main window "eth0: Capturing" with the packet list and filter bar]
89. se instructions are based in parts on the paper published by Offensive Security.
A word of warning:
- According to BackTrack, the BackTrack Installer is experimental and has not yet been tested. It is therefore highly recommended to work with an empty hard drive or to use VMware.
Here is the procedure for installing DAVIX on hard disk:
- Boot DAVIX from CD or DVD in KDE mode. Make sure there are no other hard drive devices attached than the one you want to install DAVIX onto.
- To find out which device ID your hard disk has, execute the command: sfdisk --list. For simplicity of this example, hda has been chosen. Your device ID may be different, so watch out!
root@slax:~# sfdisk --list
Disk /dev/hda: 9733 cylinders, 255 heads, 63 sectors/track
Units = cylinders of 8225280 bytes, blocks of 1024 bytes, counting from 0
   Device Boot Start     End   #cyls    #blocks   Id  System
/dev/hda1          0       -       0          0    0  Empty
/dev/hda2          0       -       0          0    0  Empty
/dev/hda3          0       -       0          0    0  Empty
/dev/hda4          0       -       0          0    0  Empty
- First we have to partition the hard drive. Execute: fdisk /dev/hda
root@slax:~# fdisk /dev/hda
The number of cylinders for this disk is set to 9733.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
   (e.g., DOS FDISK, OS/2 FDISK)
- Create first partition according to the opti
90. [Table of contents fragment]
... 80
3.38 Tulip (V) ... 82
3.39 Walrus (CV) ... 84
3.40 Wireshark (CV) ... 86
4 Customizing the DAVIX ISO Image ... 88
4.1 Windows ... 88
4.2 Linux ... 89
4.3 Adding and Removing Modules ... 90
4.4 Overriding Files with rootcopy ... 90
4.5 Modifying the Boot Menu ... 90
4.6 Boot Cheat Codes ... 91
5 Creating and Modifying Modules ... 92
5.1 Leverage Existing SLAX Modules ... 92
5.2 Create New Modules from Slackware Packages ... 92
5.3 Customize Existing SLAX or DAVIX Modules ... 93
6 Deployment Options ... 94
6.1 VMware ... 94
6.1.1 Virtual Machine Setup ... 94
6.1.2 CD-ROM based Boot ... 95
6.1.3 Installation on Virtual Hard Driv
91. slax/modules
Scanning slax/optional
Scanning slax/rootcopy
Scanning slax/rootcopy/usr/share/wallpapers
Scanning slax/tools
Scanning slax/tools/WIN
Writing:   Initial Padblock                        Start Block 0
Done with: Initial Padblock                        Block(s)    16
Writing:   Primary Volume Descriptor               Start Block 16
Done with: Primary Volume Descriptor               Block(s)    1
Writing:   Eltorito Volume Descriptor              Start Block 17
Size of boot image is 4 sectors -> No emulation
Done with: Eltorito Volume Descriptor              Block(s)    1
Writing:   Joliet Volume Descriptor                Start Block 18
Done with: Joliet Volume Descriptor                Block(s)    ...
[The same "Writing: ... Start Block" / "Done with: ... Block(s)" pairs follow for End Volume Descriptor, Version block, Path table, Joliet path table, Directory tree, Joliet directory tree, Directory tree cleanup, Extension record and The File(s); their block numbers are not readable in this copy.]
Total translation table size: ...
Total rockridge attributes bytes: ...
Total directory bytes: ...
Path table size(bytes): ...
Max brk space used 287420
... new ISO. Press an
92. stributed under the license of the original software package.
Copyright (c) 2008 Jan P. Monsch, Raffael Marty
12.2 Sublicense Attribution
The registered trademark Linux is used pursuant to a sublicense from LMI, the exclusive licensee of Linus Torvalds, owner of the mark on a world-wide basis.
The tools Treemap and Timesearcher 1 are used with permission from Ben Shneiderman from the University of Maryland Human-Computer Interaction Lab.
12.3 Documentation
This document is distributed under the GNU Free Documentation License Version 1.2.
Copyright (c) 2008 Jan P. Monsch, Raffael Marty
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License".
25 Linux Mark Institute: http://www.linuxmark.org
26 Human-Computer Interaction Lab: http://www.cs.umd.edu/hcil
13 Disclaimer
The DAVIX authors and contributors disclaim all warranties with regard to this software and documentation, including all implied warranties of merchantability and fitness. In no event shall the DAVIX authors and contributors be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data
93. t.pl
- To view the result, open GQview with the command: gqview test.png
[Screenshot: GQview displaying test.png]
3.5 Cytoscape (V)
Purpose
- Generation and display of two-dimensional link graphs
Links
- Homepage: http://www.cytoscape.org
- Tutorial: http://cytoscape.org/cgi-bin/moin.cgi/Presentations
Important install locations
- /usr/local/bin
- /usr/local/lib/cytoscape
- /usr/local/share/cytoscape
Example
- Start Cytoscape through the KDE start menu.
- In the file open dialog, navigate to /usr/local/share/cytoscape/sampleData.
- Open the sample graph in this directory, e.g. galFiltered.cys.
[Screenshot: "Open a Session File" dialog, look in sampleData, file name galFiltered.cys, files of type "Cytoscape Session files (*.cys)"]
- The data is then rendered.
[Screenshot: Cytoscape Desktop with session galFiltered.cys, the Control Panel (Network, VizMapper, Editor, Filters) and the Data Panel (Node, Edge and Network Attribute Browser)]
3.6 EtherApe (V)
Purpose
- Real-time visualization of network traffic
94. t prominent appearance of the work's title, preceding the beginning of the body of the text.
A section "Entitled XYZ" means a named subunit of the Document whose title either is precisely XYZ or contains XYZ in parentheses following text that translates XYZ in another language. (Here XYZ stands for a specific section name mentioned below, such as "Acknowledgements", "Dedications", "Endorsements", or "History".) To "Preserve the Title" of such a section when you modify the Document means that it remains a section "Entitled XYZ" according to this definition.
The Document may include Warranty Disclaimers next to the notice which states that this License applies to the Document. These Warranty Disclaimers are considered to be included by reference in this License, but only as regards disclaiming warranties: any other implication that these Warranty Disclaimers may have is void and has no effect on the meaning of this License.
2. VERBATIM COPYING
You may copy and distribute the Document in any medium, either commercially or noncommercially, provided that this License, the copyright notices, and the license notice saying this License applies to the Document are reproduced in all copies, and that you add no other conditions whatsoever to those of this License. You may not use technical measures to obstruct or control the reading or further copying of the copies you make or distribute. However, you may accept compensation in exchange for copies
95. taset
[Screenshot: "Open rumint dataset" file dialog, file name test.cap]
- In the file open dialog, navigate to your capture file and open it.
- In the window menu, select View > Scatter Plot and then View > Parallel Plot.
- In the window Scatter Plot, select Source IP on the X axis and Dest IP on the Y axis.
- In the window Parallel Coordinate Plot, select TCP Source Port on the left hand side and TCP Dest Port on the right hand side.
- Press the play button to start visualizing the network traffic.
[Screenshot: rumint Scatter Plot window showing traffic of 192.168.16.220]
3.28 Scapy (CPV)
Purpose
- Capture and manipulation of TCP/IP traffic
- Visualization of traceroutes
Links
- Homepage: http://www.secdev.org/projects/scapy
- Tutorial: http://www.secdev.org/projects/scapy/demo.html
Important install locations
- /usr/lib/python2.5
- /usr/local/bin
Example: traceroute
- Open a console.
- Execute the command: scapy
- Execute the following command to traceroute a series of hosts: res,unans = traceroute(["www.microsoft.com","www.cisco.com"],dport=[80,443],maxttl=20,retry=-2)
root@slax:~# scapy
Welcome to Scapy (1.2.0.2)
>>> res,unans = traceroute(["www.microsoft.com","www.cisco.com"],dport=[80,443],maxttl=20,retry=-2)
Begin emission
96. the SSH daemon, execute the command: sh /etc/rc.d/rc.sshd stop
- To stop the Apache daemon, execute the command: sh /etc/rc.d/rc.httpd stop
3.10 GNUplot (V)
Purpose
- Generation of various types of charts. Mainly used for simple charting.
Links
- Homepage: http://www.gnuplot.info
- Tutorial: http://t16web.lanl.gov/Kawano/gnuplot/intro/basic-e.html
- Manual: http://www.gnuplot.info/docs/gnuplot.html
Important install locations
- /usr/local/bin
- /usr/local/libexec/gnuplot
- /usr/local/share/gnuplot
Example
- Open a console.
- Change to the following directory: cd /usr/local/share/gnuplot/demo
- Execute the following command: gnuplot
root@slax:/usr/local/share/gnuplot/demo# gnuplot

        G N U P L O T
        Version 4.2 patchlevel 2
        last modified 31 Aug 2007
        System: Linux 2.6.24.4

        Copyright (C) 1986 - 1993, 1998, 2004, 2007
        Thomas Williams, Colin Kelley and many others

        Type `help` to access the on-line reference manual.
        The gnuplot FAQ is available from http://www.gnuplot.info/faq/

        Send bug reports and suggestions to <http://sourceforge.net/projects/gnuplot>

Terminal type set to 'x11'
- In the gnuplot command line, enter: load "all.dem"
gnuplot> load "all.dem"
******************** file simple.dem ********************
Hit return to continue
[Screenshot: gnuplot window plotting sin(x), atan(x) and cos(atan(x))]
- You can ste
97. the computer. On some systems the BIOS is configured to boot directly from CD or DVD when a disk is located in the drive. On other systems it might be necessary to press a key during the BIOS boot screen to display a boot menu, e.g. on a Dell Inspiron 6000 or Lenovo ThinkPad T60 you have to press F12. If you do not like the default boot behavior, you can change it in the BIOS setup menu.
[Screenshot: BIOS boot menu with the entries 2. Removable Devices, 3. Hard Drive, 4. Network boot from AMD Am79C970A, <Enter Setup>]
When DAVIX starts, a boot menu is displayed. Here you can select the boot option. In most cases the first option "DAVIX Graphics mode (KDE)" will be the one to go for. It will take you directly to the KDE desktop.
[Screenshot: DAVIX boot menu with the entries DAVIX Graphics mode (KDE), DAVIX Graphics VESA mode, DAVIX Text mode, Run Memtest utility; help for the currently selected entry: "Run DAVIX the max, try to autoconfig graphics card and use the maximum allowed resolution"]
To change the keyboard layout in KDE, you have to right click on the US icon in the lower left corner of the system tray and either select one of the predefined layouts in the menu or use Configure to set any other layout.
[Screenshot: KDE Keyboard Tool menu with U.S. English, Switzerland, Configure, Help, Quit (Ctrl+Q)]
To switch between different screen resolutions, you can right click on the screen icon and select the size you like to use.
[Screenshot: Screen Size menu, 1024 x 768]
98. these Invariant Sections. You may include a translation of this License, and all the license notices in the Document, and any Warranty Disclaimers, provided that you also include the original English version of this License and the original versions of those notices and disclaimers. In case of a disagreement between the translation and the original version of this License or a notice or disclaimer, the original version will prevail.
If a section in the Document is Entitled "Acknowledgements", "Dedications", or "History", the requirement (section 4) to Preserve its Title (section 1) will typically require changing the actual title.
9. TERMINATION
You may not copy, modify, sublicense, or distribute the Document except as expressly provided for under this License. Any other attempt to copy, modify, sublicense or distribute the Document is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.
10. FUTURE REVISIONS OF THIS LICENSE
The Free Software Foundation may publish new, revised versions of the GNU Free Documentation License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. See http://www.gnu.org/copyleft/.
Each version of the License is given a d
99. tly selected
Run DAVIX the max, try to autoconfig graphics card and use the maximum allowed resolution
LABEL myconf
MENU LABEL DAVIX Graphics mode
KERNEL /boot/vmlinuz
APPEND ... changes=/slax/ autoexec=xconf;kdm
TEXT HELP
ENDTEXT
Due to the width limitation in this document, the line with the keyword APPEND is wrapped to form two lines. In your slax.cfg it needs to be on one line to work correctly. The available boot options are documented in the chapter "Boot Cheat Codes".
4.6 Boot Cheat Codes
SLAX has many useful boot options that allow you to tweak boot and kernel behavior. The following list shows an extract of the most important ones. For a complete list, check the SLAX boot parameter page.
- nodma: Disable DMA for CD-ROM and hard drives
- noauto: Hard disks are not mounted automatically
- nohd: Hard disks are not mounted
- nocd: CD-ROMs are not mounted
- nosound: Disable sound
- password=foobar: Set root password to foobar
- password=ask: Ask for new password during boot
- changes=/dev/hdx: Stores changes to the specified device
- changes=/foo/bar: Stores changes to the specified directory
- changes=/foo.dat: Stores changes to the specified file
- toram: Copy all CD files to RAM
- copy2ram: Same as toram
- load=module: Loads the specified module from /slax/optional
- noload=module: Disables loading of the specified module
- autoexec=xconf;kdm: After boot, auto-configures X and starts KDM
16 B
ve the network location, if any, given in the Document for public access to a Transparent copy of the Document, and likewise the network locations given in the Document for previous versions it was based on. These may be placed in the "History" section. You may omit a network location for a work that was published at least four years before the Document itself, or if the original publisher of the version it refers to gives permission.

K. For any section Entitled "Acknowledgements" or "Dedications", Preserve the Title of the section, and preserve in the section all the substance and tone of each of the contributor acknowledgements and/or dedications given therein.

L. Preserve all the Invariant Sections of the Document, unaltered in their text and in their titles. Section numbers or the equivalent are not considered part of the section titles.

M. Delete any section Entitled "Endorsements". Such a section may not be included in the Modified Version.

N. Do not retitle any existing section to be Entitled "Endorsements" or to conflict in title with any Invariant Section.

O. Preserve any Warranty Disclaimers.

If the Modified Version includes new front-matter sections or appendices that qualify as Secondary Sections and contain no material copied from the Document, you may at your option designate some or all of these sections as invariant. To do this, add their titles to the list of Invariant Sections in the Modified Version
ware support for graphic cards and network adapters. SLAX is based on Slackware and follows a modularized approach. Thus, the SLAX ISO image can easily be customized for various purposes. It can even be installed on USB sticks and provide you with mobile analysis capabilities.

The product is shipped with a comprehensive manual that gives you a quick start for all tools and provides information on how to tailor DAVIX to your needs. All tools are accessible through the KDE start menu and accompanied with links to external manuals and tutorials. Therefore, all information to get started with the tools is available at a click of a button.

DAVIX is also part of Raffael's upcoming book "Applied Security Visualization" that will be published by Addison-Wesley Professional.

1.2 Roadmap

The first release of DAVIX is just the start. In the future we would like to establish DAVIX as the number one choice for log analysts. In particular, we will improve the following areas:

- More parser support for specific log formats
- Data format converters for the visualization tools
- More visualization tools
- Support for distributed log processing
- Integrated UI that will allow easy orchestration of the different tools

Applied Security Visualization: http://www.informit.com/store/product.aspx?isbn=0321510100

2 Quick Start Guide

Starting to use DAVIX is as simple as counting from 1 to 4:

1. Download the ISO image
2. Burn it onto a CD-ROM o
wse button and navigate to /usr/local/share/timesearcher/data
- Open one of the graphs in this directory, e.g. 52weeks.tqd

[Screenshot: Open dialog in the data directory listing 13month2.tqd, 13month_simple.tqd, 30days_short.tqd, 30days.tqd, microarray_brown.tqd and synthetic_control.tqd; File Name: 52weeks.tqd, Files of Type: Temporal Data Files (tqd)]

- The graph is shown

[Screenshot: TimeSearcher window "52 weeks of closing prices" with one time series panel per stock (DUPONT E I NEMOURS & CO, CBS CORP, ENI SPA ADS and the further tickers of the data set), weeks 1 to 52 on the x axis]

3.36 tnv

Purpose
- Time-based analysis of network traffic

Links
- Homepage: http://tnv.sourceforge.net
- Tutorial: http://tnv.sourceforge.net/start.php
    ysfs on /sys type sysfs (rw)
    usbfs on /proc/bus/usb type usbfs (rw)
    /dev/sda1 on /mnt/sda1 type vfat (rw,noatime,quiet,umask=0,check=s,shortname=mixed)
    root@slax:~#

- Then copy the directories boot and slax to the USB stick:

    cp -pvR /mnt/live/mnt/hdc/boot /mnt/live/mnt/hdc/slax /mnt/sda1

- Writing to the flash memory will take a while, so grab a coffee :-)
- Change to the boot directory on the USB stick:

    cd /mnt/sda1/boot

- Execute bootinst.sh and acknowledge the messages. The USB stick is now made bootable.

    This installer will setup disk /dev/sda1 to boot only Slax.
    Warning! Master boot record (MBR) of /dev/sda will be overwritten.
    If you use /dev/sda to boot any existing operating system, it will not work
    anymore. Only Slax will boot from this device. Be careful!
    Press any key to continue, or Ctrl+C to abort.
    Flushing filesystem buffers, this may take a while.
    Setting up MBR on /dev/sda.
    The Master Boot Record of /dev/sda has been updated.
    Activating partition /dev/sda1.
    No partition table modifications are needed.
    Updating MBR on /dev/sda.
    Setting up boot record for /dev/sda1.
    Disk /dev/sda1 should be bootable now. Installation finished.
    Read the information above and then press any key to exit.

- Reboot your system and boot from the USB stick. When you see the DAVIX boot menu, you are done.

6.3.3 On Linux with xfs Formatted USB