Ethereal-dev: Re: [Ethereal-dev] Feature request: Graphing improvements

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Ulf Lamping <ulf.lamping@xxxxxx>
Date: Mon, 10 Apr 2006 01:49:41 +0200

Chris Wilson wrote:

> Sorry, but I don't understand why it would be hard? I proposed some
> changes to the graphing window that look like they would be fairly easy
> to implement (a few weeks' work) but would make Ethereal much easier to
> use for beginner network admins.

Hi Chris!

I didn't want to discourage you from improving Ethereal's current state of ease of use. I've spent more than the last two years to have the basic GUI code behave better :-)

What I meant would be hard is to bring Ethereal into a shape so it would work well for monitoring purposes.

Ethereal currently:

- dissects incoming packets up to the last byte (if it knows the protocol well :-), while a monitoring / measurement tool will only dissect a packet up to the interesting point (performance)
- keeps session related information so it will consume memory until it crashes (and this might happen soon on a very busy network)

So it would be very hard to convert Ethereal into a 24/7 monitoring tool like MRTG.

Improving the existing graph windows and their usage is a completely different thing. Improving them seems to be a very good idea to me :-)

> I'm convinced enough that Ethereal is a good base platform for this kind
> of tool that I'd be ready to fork it and develop my own version with
> better graphing tools, but of course I'd rather not do that if I can get
> any support from the developers to add that functionality to the core
> Ethereal code base.

Improving the current functionality seems to be a good idea (much better than forking).

> I don't think it would require a significant amount of extra code, or
> impose much penalty (more than 100kb of compiled code) on any user who
> doesn't want to use it. But even as someone who can read a tcpdump
> trace, I would occasionally find it useful to have a bird's eye view of
> network traffic, rather than the up-close-and-personal packet view.
> Especially if I could have both in the same tool, on the same data, and
> switch between them at will, as I was proposing.

I don't think that the memory consumption would be a big deal. Having a bird's eye view is something currently really missing - that's true.

But don't underestimate the time you'll need to do the GTK changes!

> But none of them are open source, or run on both Windows and Linux, as
> far as I can tell (my research isn't finished yet).

Well, that's true. Some of them are open source, some are Linux only, some are ...

> I hope that somebody other than me thinks this is a good idea, and worth
> having in Ethereal.

After thinking about it again, it boils down to:

Currently, Ethereal presents the details on the screen and can provide you with more general information in the Statistics menu (which is very hard to find for a newbie - and sometimes even me :-)

If I understand you correctly, you suggest bringing some "basic network facts" (top talkers, ...) more up to the front of the GUI for everyone to see.

While some of your ideas sound good on second thought, others might not be such a good idea anyway or might be really hard to implement.

Some time ago, I was thinking about bringing some of the basic statistic outputs more up to front by using tabs for the main window.

Regards, ULFL

P.S: As Lego suggested, ntop provides the information about the *current* network load. It won't provide info about a capture file done by someone else earlier. So no real help here.