> > Wouldn't something like etherape http://etherape.sourceforge.net/ give
> > you most of what you are after?
>
> Yes, it would appear to. Thanks for suggesting it! But
> unfortunately it only runs on Linux, which is fine by me but
> rules out 99% of the "newbie network admins" that I'm aiming
> for. I'll have to evaluate the relative amount of work in
> implementing what I want in Ethereal, and porting Etherape to
> Windows (and adding the features that are still missing).

I've read the whole thread (very interesting btw :) ).

I think that what you are missing is a way to visualize the traffic in
many, many different ways. Top senders/receivers, incoming/outgoing,
protocols (voip, ...). Even ways you didn't think of yet, because a
situation will arise that you didn't think about before.

I think that most of it could be done (offline with some pre-processing
and maybe "live") using a visualization toolkit like prefuse
(http://prefuse.sourceforge.net/). Prefuse is great to identify things
that are hidden in a lot of data. Which is probably what you are trying
to do.

If you don't know prefuse, look at the examples, this could give you
some ideas.

Prefuse being Java, you reduce platform dependencies (and can even embed
it in a browser).

I've been thinking about prefuse visualization for Ethereal traffic for
some time now, without having any cycles to dedicate to that.

PDML or PSML export could be a way (via Lua for live traffic?)

Olivier.
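
The offline pre-processing step suggested in the message above, as an added example that is not part of the original post or of Ethereal or prefuse: it reduces a PDML export to per-sender, per-receiver, per-protocol and per-edge totals that a graph toolkit could load. The sample PDML is constructed, Python is this example's choice, and the field names used (`len` under `geninfo`, `ip.src`, `ip.dst`) are assumed to match the export being processed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed PDML sample (not a real capture); documentation address ranges.
SAMPLE_PDML = """<pdml>
 <packet><proto name="geninfo"><field name="len" show="74"/></proto>
  <proto name="ip"><field name="ip.src" show="192.0.2.10"/>
   <field name="ip.dst" show="198.51.100.5"/></proto>
  <proto name="tcp"/><proto name="http"/></packet>
 <packet><proto name="geninfo"><field name="len" show="1500"/></proto>
  <proto name="ip"><field name="ip.src" show="198.51.100.5"/>
   <field name="ip.dst" show="192.0.2.10"/></proto>
  <proto name="tcp"/><proto name="http"/></packet>
 <packet><proto name="geninfo"><field name="len" show="200"/></proto>
  <proto name="ip"><field name="ip.src" show="192.0.2.10"/>
   <field name="ip.dst" show="203.0.113.9"/></proto>
  <proto name="udp"/><proto name="sip"/></packet>
 <packet><proto name="geninfo"><field name="len" show="42"/></proto>
  <proto name="eth"/><proto name="arp"/></packet>
</pdml>"""

def field(node, name):
    """Return the 'show' value of the first field called `name`, or None."""
    if node is None:
        return None
    for f in node.iter("field"):
        if f.get("name") == name:
            return f.get("show")
    return None

def summarize(pdml_text):
    """Aggregate a PDML export: bytes per sender, receiver and (src, dst)
    edge, plus packet counts per highest-layer protocol."""
    senders, receivers, edges, protocols = Counter(), Counter(), Counter(), Counter()
    for packet in ET.fromstring(pdml_text).iter("packet"):
        protos = packet.findall("proto")  # top-level dissection layers, in order
        if not protos:
            continue
        protocols[protos[-1].get("name")] += 1
        src, dst = field(packet, "ip.src"), field(packet, "ip.dst")
        if src is None or dst is None:
            continue  # non-IP frame (ARP here): counted by protocol only
        size = int(field(packet.find("proto[@name='geninfo']"), "len") or 0)
        senders[src] += size
        receivers[dst] += size
        edges[(src, dst)] += size  # directed edge weight for a graph view
    return {"senders": senders, "receivers": receivers,
            "edges": edges, "protocols": protocols}
```
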