Ethereal-dev: Re: [Ethereal-dev] Feature request: Graphing improvements

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Mon, 10 Apr 2006 01:14:20 +0200
Almost everything (if not everything) you request is already available in ntop.

http://www.ntop.org


On 4/9/06, Chris Wilson <chris@xxxxxxxxx> wrote:
> Hi all,
>
> I've been a very happy user of Ethereal for about five years, and first
> of all I'd like to thank you all for your hard work in making it happen.
>
> I've been a network administrator for about eight years, but now I will
> have to start teaching new, inexperienced network administrators how to
> solve problems with their networks, particularly poor performance. These
> are usually small office networks with a slow DSL connection, in
> developing countries like Ghana, where I am now.
>
> Some of these networks have no full-time administrator, but someone on
> the staff who is slightly knowledgeable about computers, ordered a DSL
> connection and a router and networked them together.
>
> Predictably, perhaps, these networks tend to suffer from worms and from
> users downloading music and other large files, clogging their bandwidth.
> The network admins usually have no clue what is wrong, or even that
> something is wrong, and instead blame their ISP.
>
> They need to know how to solve these problems as quickly as possible,
> with minimal training and minimal skills to learn. I would call this
> "network admin for dummies".
>
> They need to be able to use a friendly, simple GUI tool to identify
> heavy traffic on their network, track down the IP address responsible
> (and preferably the computer name or the logged-in user name) and lart
> the luser of that box, or patch it up, as appropriate.
> [http://en.wikipedia.org/wiki/Bandwidth_management]
>
> For this simple task, I think that a standard network analyser/packet
> sniffer like Ethereal, with its scrolling packet window, is too
> powerful, too confusing, and presents too much information to the
> inexperienced user. (Please don't take this as a criticism - I have by
> no means dismissed Ethereal - see below).
>
> I came up with a specification for my "ideal" tool for this job, that
> would require the minimum amount of training for the user, and the
> minimum amount of work to track down each problem. I started looking
> around for tools that met this specification, and writing up the results
> on Wikipedia. [http://en.wikipedia.org/wiki/Network_traffic_measurement]
>
> This work is not finished yet, but so far I have not found a tool that
> does what I want. (Some come close, such as Paessler's PRTG). However,
> it did occur to me that Ethereal might be a good base on which to build
> such a tool, since it already has a user interface, packet capturing
> mechanism, and runs on Windows and Linux, the platforms that interest
> me.
>
> So, finally, enough introduction - sorry! I propose the following new
> feature for Ethereal: a single page or window with the following:
>
> * a bandwidth graph, like the IO graph but more real-time;
>
> * inbound and outbound traffic shown separately;
>
> * local traffic conveniently excluded (by MAC of default gateway or by
> IP range);
>
> * "top ten" lists of talkers (IP addresses) and protocols (ports or
> dissectors), and their current bandwidth use;
>
> *  when items are selected from these lists, the bandwidth used by them
> is highlighted in the graph, as a different colour line (a filter is
> automatically generated).
>
> Some already-proposed features from the Wishlist might combine well: for
> example, the ability to drag highlight over the graph and see the top
> talkers within that time period, and highlight the corresponding packets
> in the packet view. Also, the ability to capture continuously to an
> in-memory ring buffer.
>
> It would also be nice to have a one-click "capture" button, to remember
> previous settings of things like auto updating and auto scrolling the
> packet list, and hiding the capture window. Sensible defaults for this
> application would be to enable both these options. The proposed tabbed
> MDI view would make it feel like a simpler application, with the more
> powerful "packet view" hidden away behind an "advanced" tab rather than
> staring the user in the face.
>
> I have a lot of experience with C coding, and POSIX networking, but not
> with GTK. Nevertheless I would like to volunteer to implement this, and
> I would appreciate any help or advice I can get from the community. I
> would like to see this capability merged into Ethereal.
>
> Cheers, Chris.
> --
>   ___ __     _
>  / __/ / ,__(_)_  | Chris Wilson <0000 at qwirx.com> - Cambs UK |
> / (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Perl/SQL/HTML Developer |
> \ _/_/_/_//_/___/ | We are GNU-free your mind-and your software |
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
>


--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
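
The aggregation behind the display proposed in the quoted request (inbound and outbound split, local traffic excluded by IP range, top talkers per interval), as an added example that is not part of the original messages and is not Ethereal or ntop code. The LAN range, the record layout and the function names are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed office LAN range

# Constructed sample records: (seconds, source IP, destination IP, bytes)
SAMPLE = [
    (0.2, "192.168.1.10", "203.0.113.5", 1500),
    (0.4, "203.0.113.5", "192.168.1.10", 60000),
    (0.9, "192.168.1.10", "192.168.1.20", 90000),   # LAN to LAN, excluded
    (1.1, "192.168.1.20", "198.51.100.7", 40000),
    (1.5, "203.0.113.5", "192.168.1.10", 30000),
    (1.7, "198.51.100.7", "203.0.113.5", 999),      # neither end local, ignored
]

def classify(src, dst, local_net=LOCAL_NET):
    """Return (direction, local_host), or None for traffic that does not cross the gateway."""
    s_local = ipaddress.ip_address(src) in local_net
    d_local = ipaddress.ip_address(dst) in local_net
    if s_local == d_local:          # both local or both remote
        return None
    return ("out", src) if s_local else ("in", dst)

def top_talkers(records, interval=1.0, n=10, local_net=LOCAL_NET):
    """Per time bucket: inbound/outbound bits per second and the n busiest local hosts."""
    buckets = defaultdict(lambda: {"in": 0, "out": 0, "hosts": defaultdict(int)})
    for ts, src, dst, size in records:
        hit = classify(src, dst, local_net)
        if hit is None:
            continue
        direction, host = hit
        bucket = buckets[int(ts // interval)]
        bucket[direction] += size
        bucket["hosts"][host] += size   # charge both directions to the local host
    report = {}
    for idx in sorted(buckets):
        b = buckets[idx]
        ranked = sorted(b["hosts"].items(), key=lambda kv: (-kv[1], kv[0]))[:n]
        report[idx] = {
            "in_bps": b["in"] * 8 / interval,
            "out_bps": b["out"] * 8 / interval,
            "top": ranked,
        }
    return report

if __name__ == "__main__":
    for idx, row in top_talkers(SAMPLE).items():
        print(idx, row)
```

Charging both directions to the local host is what lets the list point at the machine to investigate, whether it is downloading heavily or sending a flood of outbound traffic.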