

PACKTER: implementation of internet traffic visualizer and extension for network forensics
Authors: Daisuke Miyamoto, Takuji Iimura
Affiliation: 1. Information Technology Center, The University of Tokyo / Project PACKTER, 2-11-16, Yayoi, Bunkyo-ku, Tokyo, 113-8658, Japan
2. Project PACKTER, Tokyo, Japan
Abstract: Traffic visualization tools help network operators maintain awareness of the status of a network, including anomalous activities. Unfortunately, the network operator may look away from the visualizer when beginning network forensics, for example to launch a terminal application, log into a server, and analyze log files. Thus, the operator's eyes will move away from the visual screen even if valuable information is displayed. Our motivation is to develop the ability to use visualization tools as a network operation console. Whereas previous tools focused on outputting packet information, we herein extend the visualizer to accept input so that operators can start their operations. Since little such software exists for our purpose, we develop PACKTER, which is able to visualize traffic based on per-packet information in real time. We also extend PACKTER with a function for negotiating with a network forensic system, which allows the operator to select an individual packet using a mouse, to start network forensics using a keyboard, and to receive results without looking away from the PACKTER viewer.
This article is indexed by SpringerLink and other databases.