I'm working on the paper I will deliver at SANS CDI, Visualization of Network Attacks.
I decided to visualize the classic Mitnick vs Shimomura attack using DAVIX, Afterglow, and Graphviz' twopi. I generated connection data in CSV format based off Tsimomura's excellent post mortem he posted to Usenet.
This image shows the connection between the source, destination, and TCP sequence number used in the attack. SYN packets are blue, the sole ACK (the forged connection from server to xterminal) is green.