Brian Roberson said:
> When sniffing on our corporate network we usually don't care to decode or
> even look at the packet data. We usually only care to see the DNS names
> of the top talkers.
>
> Is there a way in Ethereal to get this functionality without the overhead
> of the packet capture?
No - Ethereal's not oriented towards real-time network performance
monitoring, it's oriented towards capturing traffic and doing detailed
analysis. The taps can do stuff in real time, but they are invoked from
the packet dissection process, so packet dissection is still done.
You might want to, instead, use tools intended for real-time network
performance monitoring. ntop:
http://www.ntop.org/
can display the top talkers in the sense of top hosts (I don't know
whether it can display top talkers in the sense of top endpoints, or top
host or endpoint pairs; you'd have to check the documentation to see), and
EtherApe:
http://etherape.sourceforge.net/
displays diagrams of host (and, it appears, TCP endpoint) pairs, with the
thickness of the line between hosts/endpoints indicating the volume of
traffic between them.