Hi Ulf,
On Mon, 2006-04-10 at 03:24 +0200, Ulf Lamping wrote:
> I don't see a real point in separating ingoing and outgoing traffic in
> the packet list. What is the benefit of having two packet lists splitted
> into the direction. It might be an idea to specially mark the current
> local address(es) in the packet list output. Or do I misunderstand you here?
Imagine you have a DSL link which is 1024 kbit down, 128 up. Your link
is performing slowly, and you want to know why. One user is downloading,
but has carefully throttled their own bandwidth (or you did it for them)
to 800 kbits, so they are not overloading the link. Someone else is
uploading 128 kbits and flooding your upstream. This is the real
culprit, but it would be easy to miss this 128 kbit stream in the
"noise" of the 800, if they were not separated by direction.
> You may mean to identify the ingoing / outgoing direction by the current
> interface selection. There's a problem: if you change your location this
> information is gone and won't be saved in the capture file. If someone
> else get's the capture file this might add more confusion than
> clarification. I don't know if that's more of a theoretical than a
> practical problem.
I'm not expecting users to work with saved capture files in this kind of
scenario, but if they did, they could easily override the default
local/remote filter. The defaults should "just work" for the common
case, real time live sniffing and graphing.
> How to display a bandwidth graph, if you don't know the max bandwidth of
> the current interface (we currently don't have a way to get the max
> throughput of an interface as libpcap doesn't include this info) and we
> certainly won't have it after Ethereal is closed.
Not sure that the maximum theoretical bandwidth matters. If you are
filling up the link, the graph will "flat top". This is the danger sign
that you want to look out for. Where it flat tops (how high it goes) is
largely irrelevant unless you think your broadband provider is cheating
on you.
> BTW: There *is* already a one click capture button in the toolbar
> called: "Start a new live capture" using the same settings than before
> (the third button from the left in the toolbar).
I didn't think it was possible to save sensible defaults for this
option, but I've just discovered that it is, thanks!
Cheers, Chris.
--
___ __ _
/ __/ / ,__(_)_ | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Perl/SQL/HTML Developer |
\ _/_/_/_//_/___/ | We are GNU-free your mind-and your software |