PANEMOTO: Network Visualization of Security Situational Awareness Through Passive Analysis

To maintain effective security situational awareness, administrators require tools that present up-to-date information on the state of the network in the form of ´at-a-glance´ displays, and that enable rapid assessment and investigation of relevant security concerns through drill-down analysis capability. In this paper, we present a passive network monitoring tool we have developed to address these important requirements, known as Panemoto (Passive Network Monitoring Tool). We show how Panemoto enumerates, describes, and characterizes all network components, including devices and connected networks, and delivers an accurate representation of the function of devices and logical connectivity of networks. We provide examples of Panemoto´s output in which the network information is presented in two distinct but related formats: as a clickable network diagram (through the use of NetViz, a commercially available graphical display environment) and as statically-linked HTML pages, viewable in any standard web browser. Together, these presentation techniques enable a more complete understanding of the security situation of the network than each does individually.