Hello,

Yesterday I used RTP analysis intensively on a VoIP network, to monitor
RTP streams between media gateways.
(I used ethereal 0.10.10 from latest knoppix)

I think that the RTP streams' window 'auto-refresh' is a good idea, but
it should become an option. Indeed, when monitoring ~ 50-60 streams
while capturing, scanning took nearly one second, and it is refreshed
every second, so one has no time at all to select a stream to analyse.
Solution: either provide a button to stop refreshing, or an option to
specify delay between two refreshes, or refresh only when a button is
pressed? BTW, when you begin RTP streams analysis while capturing,
window is refreshed, right, but it keeps refreshing when you stop
capturing. That would be great if refreshing stopped too.
(other idea: a fixed-size ring buffer for packets in live capture mode
would be so wonderful :) but I know that's not easy at all)

I once also noticed some /negative/ packet loss count in the same
window. I'll try to reproduce that with my captures, if I succeed I'll
try to repair it.

What would be nice too, is to forget everything about old RTP streams
(say, no packet for a second or two), so as to see only alive streams.
That may be an option, and it could be the default when auto-refreshing
in live capture mode. It would be easier to see how many streams are
really alive (else you have to check which packet counts are
increasing). Hmmm, indeed it's nonsense when analysing offline. But that
would be great for live monitoring :)

I also notice some memory leaks: once, after some ~ 500 000 packets
captures, I stopped and restarted capture, and I got an "out of memory
error" for fork(). Another time the computer totally froze while live
capturing. Could that be related to RTP analysis, does memory
consumption grow with streams number, and is any memory unfreed after
capture restart? Would that be enhanced by "forgetting" about old streams?

--
Julien Leproust