Ethereal-dev: Re: [Ethereal-dev] Flow graph functionality
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
Hi Francisco/All,
I agree 100% that we should continue using one IP per column (and
not IP:port) at least for the Voice Graph analysis. The "previous
idea" was only to cover the loopback condition, and will only apply if
"IP source"="IP destination". Meaning the default behavior will be one
IP per column unless the ingress and egress IP is the same, in that
only case will use IP:port.
Regards
Alejandro
Francisco Alcoba (TS/EEM) wrote:
in the case of a loopback packet it happens to be the same port too.
In this particular case, it uses ports 5060 and 5061. So the previous idea
should work in this case.
Ok, when ip and port is the same, we can use a DOT line.
Just for curiosity, are these two cases "normal"? for me looks it should
only happen in a dev environment.
As far as calls go the only calls I'm aware of that use signalling
and involve a single node happen in labs (BTW a protocol analyzer is
very useful in the lab too!). But in applications of Francisco's Flow
Graph dialog (that uses graph_analysis too) that can happen often.
I'm afraid I'm a bit lost here, but just in case I understood it correctly...
If the "previous idea" refers to having two different columns for the same IP
with different ports, then I don't think that would be useful. The whole point
of the graph is seeing the packets moving through the network, so I would like
to know -in either Voip calls or the general flow graph- when a packet is sent
from a node that has received another one, and this might be using a different
port. For instance, in a SIP call, I might have:
Proxy
------->(5060) |
INVITE |
|
| (7777)-------->
| INVITE
The same goes for the general, for instance for a box that receives a DNS answer
that solves a domain name and then sends HTTP traffic there, a NAT translation, etc.
If those are different columns then it makes more difficult to realize what is
happening. And if there is some packet in the middle that cause them to be
a few columns apart then it is almost impossible:
Proxy Some other Proxy
------->(5060) | | |
INVITE | | |
| | |
| |(333)---------------------------->
| | WHATEVER
| | |
| | |(7777)-------->
| | |INVITE
I wonder if something like this might be done -my understanding of GTK is null-:
Sender Proxy Receiver
|------->(5060) | |
|INVITE | |
| | |
| (5060)---->(7777) |
| INVITE |
| | |
| | (7777)-------->|
| | INVITE |
It would work for either same or different port/transport, for both directions,
and the visual perception would be kept. For the ASCII dump I don't think it would
be difficult, but the graph is out of my reach.
Regards,
Francisco
_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev
|