1.3. GUI Topology and GraphsΒΆ
Under the topology tab is a graph of the current experiment topology.
Each node and link in the graph displays a traffic summary label. The colored bar represents the ratio of regular to attack traffic if traffic is present. If there is no traffic present, the bar is black. If the bar is gray, the node is not reporting counter information to us. This could be because the node isn’t online yet or is incapable of recording packet counter data. For links, a text label provides the current traffic bandwidth vs configured bandwith in Mb.
There are a couple interface methods when working with the graph:
- Clicking with the left mouse button selects a node
- Dragging with the left mouse button moves a node
- The mouse wheel will zoom in/out at the current mouse location
- Dragging with the middle mouse button translates the graph view
- Clicking with the right mouse button brings up a context menu
The context menu of a node lets open a traffic graph for this node.
If you select “Open Graph” and then open the graphs tab, you will notice that there is a new graph present. It initially defaults to the ‘forward’ counters. This is the total of all ingress and egress traffic for the machine.
- Green is regular
- Red is attack
- Cyan is regular traffic that was not forwarded
- Black is attack traffic that was not forwarded
As the node we selected was a client and not a router, the colors will look a little odd for the forward table. The node is sending attack packets but not receiving any. It is receiving regular traffic data but not forwarding it. For a leaf node, you want to look at the specific interface graph.
If you select one of the node interfaces from the ‘src’ menu, you get a graph of all the ingress and egress traffic for the specific interface.
Now you can see a better picture of the traffic entering and leaving the node.