AfterGlow Frequently Asked Questions

How do I start AfterGlow 1.x?
How can I draw a graph of my current network traffic?
What output format does AfterGlow support?
Is there more material talking about AfterGlow?
How do I use variables in AfterGlow?

How do I start AfterGlow?

You just pipe a CSV file into the afterglow script...

cat file.csv | perl afterglow.pl -c color.properties > file.dot

The dot file you visualize using the AT&T GraphViz libraries.

How can I draw a graph of my current network traffic?

To get a picture of every 2000 packets running over interface ath0 on your machine, run the following:

while true; do \tcpdump -vttttnneli ath0 | \
./tcpdump2csv.pl "sip dip dport" | head -2000 | \
../graph/afterglow.pl -c color.properties -e 2 | neato -Tgif -o test.gif; done

(This assumes you are in the parser directory of afterglow and you have a color.properties file in that respective directory). If you have a picture viewer displaying test.gif, and the viewer automatically upates the picture after 2000 packets!

What output format does AfterGlow support?

GraphViz from AT&T
Gephi with the -k parameter

Is there more material talking about AfterGlow?

Raffy gave a presentation at DefCon. and one at EuSecWest.

The book, Applied Security Visualization also has a lot of information about AfterGlow.

How do I use variables in AfterGlow

Have a look at this blog post.