As I see it, one thing that would be nice for Ethereal to do would be to
have a near real-time graph of, say, ssh traffic. (This would of course
be from a filter.) One could then watch the graph and say, "Wow, look at
the ssh traffic burst we just had." With multiple datasets in the graph
one could watch the graph and note that, for instance, SNMP traffic
comes in bursts, or watch the SNMP traffic jump when some anomaly
occurs. Post mortem graphs are nice, but live ones are better for some
things.

I don't think we need to write too much new code (unless I'm missing
something) as far as plotting goes. GtkPlot is in gtkextra and a
possibly useful stripchart plotter (GtkStripChart at
http://linas.org/stripchart/RREADME) exists, too.

BTW, as regards threads, we currently use two processes when capturing
and displaying live. We could possibly have that as an option (or do it
that way and use something like nice() if it exists on the particular
platform) if threads don't work somewhere.
--john

Joerg K wrote:
>
> Maybe I don't understand the problem, but wouldn't it be a lot easier to
> rely on existing visualisation packages instead of writing new code based on
> glib?
>
> Tools like those http://sal.kachinatech.com/D/1/index.shtml do all the
> boring things (axes/scaling, different plot types, colors etc) very well.
>
> Ethereal could even call e.g. gnuplot (or Excel :-) ) supplying the data
> file and options (or maybe even scripts for the plotter).
> Already a configurable CSV export feature in Ethereal would help me a lot.
--
John McDermott, Writer and Consultant
J-K International, Ltd.
V +1 505/377-6293 F +1 505/377-6313
jjm@xxxxxxxxxx