Ethereal-dev: [Ethereal-dev] Feature request: Graphing improvements

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Chris Wilson <chris@xxxxxxxxx>
Date: Sun, 09 Apr 2006 15:48:03 +0000

Hi all,

I've been a very happy user of Ethereal for about five years, and first
of all I'd like to thank you all for your hard work in making it happen.

I've been a network administrator for about eight years, but now I will
have to start teaching new, inexperienced network administrators how to
solve problems with their networks, particularly poor performance. These
are usually small office networks with a slow DSL connection, in
developing countries like Ghana, where I am now. 

Some of these networks have no full-time administrator, but someone on
the staff who is slightly knowledgeable about computers, ordered a DSL
connection and a router and networked them together.

Predictably, perhaps, these networks tend to suffer from worms and from
users downloading music and other large files, clogging their bandwidth.
The network admins usually have no clue what is wrong, or even that
something is wrong, and instead blame their ISP. 

They need to know how to solve these problems as quickly as possible,
with minimal training and minimal skills to learn. I would call this
"network admin for dummies". 

They need to be able to use a friendly, simple GUI tool to identify
heavy traffic on their network, track down the IP address responsible
(and preferably the computer name or the logged-in user name) and lart
the luser of that box, or patch it up, as appropriate. 
[http://en.wikipedia.org/wiki/Bandwidth_management]

For this simple task, I think that a standard network analyser/packet
sniffer like Ethereal, with its scrolling packet window, is too
powerful, too confusing, and presents too much information to the
inexperienced user. (Please don't take this as a criticism - I have by
no means dismissed Ethereal - see below).

I came up with a specification for my "ideal" tool for this job, that
would require the minimum amount of training for the user, and the
minimum amount of work to track down each problem. I started looking
around for tools that met this specification, and writing up the results
on Wikipedia. [http://en.wikipedia.org/wiki/Network_traffic_measurement]

This work is not finished yet, but so far I have not found a tool that
does what I want. (Some come close, such as Paessler's PRTG). However,
it did occur to me that Ethereal might be a good base on which to build
such a tool, since it already has a user interface, packet capturing
mechanism, and runs on Windows and Linux, the platforms that interest
me.

So, finally, enough introduction - sorry! I propose the following new
feature for Ethereal: a single page or window with the following:

* a bandwidth graph, like the IO graph but more real-time; 

* inbound and outbound traffic shown separately;

* local traffic conveniently excluded (by MAC of default gateway or by
IP range);

* "top ten" lists of talkers (IP addresses) and protocols (ports or
dissectors), and their current bandwidth use;

* when items are selected from these lists, the bandwidth used by them
is highlighted in the graph, as a different colour line (a filter is
automatically generated).

Some already-proposed features from the Wishlist might combine well: for
example, the ability to drag highlight over the graph and see the top
talkers within that time period, and highlight the corresponding packets
in the packet view. Also, the ability to capture continuously to an
in-memory ring buffer.

It would also be nice to have a one-click "capture" button, to remember
previous settings of things like auto updating and auto scrolling the
packet list, and hiding the capture window. Sensible defaults for this
application would be to enable both these options. The proposed tabbed
MDI view would make it feel like a simpler application, with the more
powerful "packet view" hidden away behind an "advanced" tab rather than
staring the user in the face.

I have a lot of experience with C coding, and POSIX networking, but not
with GTK. Nevertheless I would like to volunteer to implement this, and
I would appreciate any help or advice I can get from the community. I
would like to see this capability merged into Ethereal.

Cheers, Chris.
-- 
  ___ __     _
 / __/ / ,__(_)_  | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Perl/SQL/HTML Developer |
\ _/_/_/_//_/___/ | We are GNU-free your mind-and your software |
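
An added sketch of the aggregation behind the "top ten" view proposed in the message above (not part of the original post and not Ethereal code): it splits traffic into inbound and outbound, drops local-to-local traffic by IP range, ranks local hosts by bandwidth, and builds a display filter for a selected host. The LAN range, the record layout and the function names are assumptions made for this example; the sample records are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: the office LAN range (the post only says "by IP range").
LOCAL_NET = ip_network("192.168.1.0/24")

# Constructed sample records: (timestamp_s, src_ip, dst_ip, frame_bytes).
SAMPLE = [
    (0.5, "192.168.1.10", "203.0.113.5", 1500),
    (1.0, "203.0.113.5", "192.168.1.10", 1500),
    (2.0, "203.0.113.5", "192.168.1.10", 1500),
    (3.0, "192.168.1.20", "192.168.1.10", 9000),  # LAN-only, must be excluded
    (4.0, "198.51.100.7", "192.168.1.20", 500),
    (5.0, "192.168.1.20", "198.51.100.7", 4000),
]


def top_talkers(packets, window_s, local_net=LOCAL_NET, n=10):
    """Rank local hosts by bits/s over the WAN link, per direction.

    Returns {"in": [(ip, bps), ...], "out": [(ip, bps), ...]}, highest first.
    """
    totals = {"in": defaultdict(int), "out": defaultdict(int)}
    for _ts, src, dst, size in packets:
        src_local = ip_address(src) in local_net
        dst_local = ip_address(dst) in local_net
        if src_local == dst_local:
            continue  # local-to-local (or transit) traffic never loads the DSL line
        if src_local:
            totals["out"][src] += size   # upload, charged to the local sender
        else:
            totals["in"][dst] += size    # download, charged to the local receiver
    ranked = {}
    for direction, per_host in totals.items():
        rates = [(ip, nbytes * 8 / window_s) for ip, nbytes in per_host.items()]
        rates.sort(key=lambda item: (-item[1], item[0]))  # rate desc, then IP
        ranked[direction] = rates[:n]
    return ranked


def display_filter(ip, direction):
    """Display filter that highlights one talker's traffic in one direction."""
    field = "ip.src" if direction == "out" else "ip.dst"
    return f"{field} == {ip}"


if __name__ == "__main__":
    for direction, rows in top_talkers(SAMPLE, window_s=10.0).items():
        for ip, bps in rows:
            print(direction, ip, f"{bps:.0f} bit/s", display_filter(ip, direction))
```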