Visualizer

Visualizer is a graphical user interface for examining data from Analyzer. It can sort and filter that data to make finding relevant data faster and easier.

The primary display in Visualizer is a grid of Analyzer data. There is a column for every packet property processed by Analyzer. Each row is a set of packets, all of which are handled in the same way by the configuration. Below that, if the analysis is a self or cross conflict, is the conflict inspector, which provides details for the conflict. Under that are one or two configuration windows, which display the configuration files.

Rows can be sorted by clicking a column header, which sorts on that column. Data can be filtered by right-clicking a cell to use that cell's data for the filter.

A filter can also be edited directly by clicking the "Edit Filter" button. In this mode an arbitrary filter expression can be entered, including nesting and logical operators. For instance, to select rows that affect TCP traffic from the 10.187.201.0/24 and 10.178.0.0/24 networks, the following filter expression can be created:

( Source Address ^ 10.187.201.0/24 | Source Address ^ 10.178.0.0/24 ) & Protocol ^ tcp
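
To make the effect of such an expression concrete, the following added example (not Visualizer's own code) parses the filter above and applies it to constructed rows. It assumes that "^" means "overlaps" for networks and case-insensitive equality for other values, and that "&" and "|" are applied left to right with parentheses for grouping; the page does not define these semantics.

```python
import ipaddress
import re

# Filter expression from the page; ROWS are constructed sample grid rows.
FILTER = "( Source Address ^ 10.187.201.0/24 | Source Address ^ 10.178.0.0/24 ) & Protocol ^ tcp"
ROWS = [
    {"Source Address": "10.187.201.0/25", "Protocol": "tcp"},
    {"Source Address": "10.178.0.0/16", "Protocol": "udp"},
    {"Source Address": "192.168.1.0/24", "Protocol": "tcp"},
]

def matches(cell, wanted):
    # Assumed meaning of "^": networks overlap; other values are equal ignoring case.
    try:
        net = ipaddress.ip_network
        return net(cell, strict=False).overlaps(net(wanted, strict=False))
    except (ValueError, TypeError):
        return cell.lower() == wanted.lower()

def evaluate(expr, row):
    # Operators are single characters; the text between them is a field name or value.
    tokens = [t.strip() for t in re.findall(r"[()|&^]|[^()|&^]+", expr) if t.strip()]

    def take(expected=None):
        tok = tokens.pop(0) if tokens else None
        if tok is None or (expected and tok != expected):
            raise ValueError(f"expected {expected or 'a token'}, got {tok!r}")
        return tok

    def factor():  # "( expression )" or "Field ^ value"
        if tokens[:1] == ["("]:
            take("(")
            result = parse()
            take(")")
            return result
        field = take()
        take("^")
        return matches(row[field], take())

    def parse():  # "&" and "|" applied left to right (assumed, see lead-in)
        result = factor()
        while tokens[:1] in (["&"], ["|"]):
            op, right = take(), factor()
            result = (result and right) if op == "&" else (result or right)
        return result

    result = parse()
    if tokens:
        raise ValueError(f"unexpected token {tokens[0]!r}")
    return result
```

Only the first constructed row is selected: the second overlaps a listed network but is UDP, and the third is TCP from an unlisted network.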

When a row is selected in the main grid, the secondary displays are updated. If the analysis is a conflict analysis, then the conflict inspector displays the two behaviors that are in conflict, along with the effective action of the firewall. If one of the conflicts is selected, or a grid row is selected for a tiled analysis, then the contributing line(s) from the configuration(s) are highlighted.