I asked Jeff a couple questions, one concerning which graphing program he
uses for the ASC (www.activeworx.com), second concerning the ASCII
auto-parsing. See comments inline below.
From: Jeff Dell [mailto:jdell@...]
Sent: Monday, November 29, 2004 11:31 AM
To: Esler, Joel - Contractor
Subject: RE: Graphing
> 1. You told me once upon a time on the phone. What do you
> use for your graph generation?
A product by softwarefx called chartfx @ http://www.softwarefx.com
> 2. How do you "auto-translate" the packet payload from the hex data?
> (I mean, it's not too hard from the ASCII strings).
I first break the data into an array of strings, which each value being a
hex value. Then check to see if the value is > 32 and < 127. If it is then I
pass it through a function in C# called Encoding.ASCII.GetString to change
it to ascii. If you are looking for something in Perl, you might want to
checkout ACID/BASE. I am sure they do something similar.
> I'm working a lot on Oracle. Seems whomever wrote the Snort output
> module for Oracle threw it together, tested it a couple times, but
> never did anything intense with it. There are a lot of little bugs
> in it that
> we're working out. I posted the first of such bugs found to
> and snort-users yesterday.
If there is anything I can do to help, let me know.
On Mon, 2004-11-29 at 15:56, J wrote:
> I asked Jeff a couple questions, one concerning which graphing program he
> uses for the ASC (www.activeworx.com), second concerning the ASCII
> auto-parsing. See comments inline below.
Weird... ActiveWorx is based in Delray Beach which is where I was born
and grew up. And I knew a guy that worked for SoftwareFX a few years