Ethereal-dev: Re: [Ethereal-dev] Feature request: Graphing improvements

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Chris Wilson <chris@xxxxxxxxx>
Date: Mon, 10 Apr 2006 23:13:30 +0000

Hi Andrew,

On Mon, 2006-04-10 at 19:07 +1000, Andrew Hood wrote:

> Wouldn't something like etherape http://etherape.sourceforge.net/ give
> you most of what you are after?

Yes, it would appear to. Thanks for suggesting it! But unfortunately it
only runs on Linux, which is fine by me but rules out 99% of the "newbie
network admins" that I'm aiming for. I'll have to evaluate the relative
amount of work in implementing what I want in Ethereal, and porting
Etherape to Windows (and adding the features that are still missing).

> On the not unreasonable assumption that most users would be running
> Windoze, nmblookup from Samba will tell you who is logged on once you
> have the IP address.

Yes, I'm particularly interested in the logged-in user of a Windows box.
I'd like to be able to identify them easily from within this tool, to
save people having to use the command line and remember an arcane
nmblookup command. Hopefully nmblookup and Ethereal have compatible
licenses, and I can borrow the code directly from nmblookup.

> All of these assume you are running your monitoring tool at a place
> which can see all the relevant traffic. Otherwise you are looking at a
> requirement of smart switches on which you can use SNMP to get the port
> level statistics. Then you'll want a tool like OpenNMS, Netview or
> OpenView. All of which have some fairly formidable hardware requirements.

It's pretty easy to sniff the network traffic in most cases, by
inserting a plain old hub between the NAT router and the rest of the
network. A lot of networks here in Ghana use hubs rather than switches
anyway. And no, I don't want to get into requiring things like Cisco
Netflow, although if there was an open source Netflow server I might
reconsider. There's also RPCAP for remote monitoring, if the NAT router
runs Linux and the admin wants to run the monitoring app on a different
machine.

Cheers, Chris.
-- 
  ___ __     _
 / __/ / ,__(_)_  | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Perl/SQL/HTML Developer |
\ _/_/_/_//_/___/ | We are GNU-free your mind-and your software |