(Note to self: get the raw data with fields in the order that you want where possible/faster, rather than pumping it through sed.  Makes for good practice though.)

Using the csv file containing userids (visualized in yellow) and IPs (visualized in green) over the past few months from Splunk, here're the results of some of the experiments.

Oh, for the Windows users, you can use type instead of cat

First test using GraphViz's neato to layout:

perl afterglow.pl -b 1 -i <infile> -c color.properties -t | neato -Tgif -o output.gif

Huge, but better visualized with -e 5 option (Resulting image for that is too huge to upload though ). Note the single IP in the middle (the yellow explosion) that had been trying a LOT of userids to date.

Second test using fdp:

perl afterglow.pl -b 1 -i <infile> -c color.properties -t | fdp -Tgif -o output.gif

fdp doesn't seem to be well suited for this

Third test using sfdp:

No command here, you should have noticed the pattern from the first two...

_even_ less suited for this type of data...

Last test using twopi:

According to the GraphViz site, twopi's more suited for visualizing stuff like telecommunications flows.

twopi

Connections from/to laptop

sudo tcpdump -i wlan0 -p|cut -d' ' -f3,5|cut -d':' -f1|tee dump

cat dump |uniq |sed -r 's/^(.*)\.[^.]+ (.*)\.([^.]+)/\1,\3,\2/' > local.csv

cat local.csv |./afterglow.pl |neato -Tgif -o test.gif

What a mess!

Connections from laptop

Let's try again, this time only focusing on the outgoing connections initiated:

Much better...