Abstract:
SHADOW, Secondary Heuristic Analysis for Defensive Online Warfare, is a network intrusion detection system written by William Ralph at the Naval Surface Warfare Center Dahlgren Division. SHADOW was designed to use free software and run on inexpensive hardware. It is a project in constant development, growing in different directions. A network statistics page, written by William Ralph and John Rigsby, is currently being internally tested here at our lab. The page gives the user the capability to examine rudimentary statistics about network traffic. It takes network traffic dump files (tcpdump files) and generates simple statistics about bandwidth usage and about IP, TCP, UDP, ICMP, and other protocols. It also generates information about IP address space usage, including private, multicast, and reserved ranges. The major use of the tool is to bring forth a sense of accountability for network bandwidth usage. The program groups hosts by whether they are internal or external systems and by network bandwidth utilization. The statistics page presents the network audit information in an easy-to-understand format with drill-down capability.