Ethereal-dev: [Ethereal-dev] Packet Fence enhancement for Ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Visser, Martin (SNO)" <Martin.Visser@xxxxxxxxxx>
Date: Tue, 14 Nov 2000 20:41:40 +0800
All,

I have been beavering away over the last few weeks developing a graphical
display add-on for Ethereal. The patch is available from
http://www.hinet.net.au/~mvisser/ethereal/ (I have tested it to patch
against on 8.12 and 8.13 on Linux. (If someone can compile it for Win32, I'd
love a copy)

I wrote this to help me "see" what is happening on the network. By judicious
use of colorisation, you can identify clumps of related activity. You can
identify server response times, inter-frame timing issues and so on. (It is
very good for looking at jitter in Voice over IP applications and the like).
This type of display I think helps engage the right-half of the brain in
problem resolution, while the left-half processes the streams of numbers in
the packet list! It is also quite an easy way to navigate around your
capture in general. A screenshot is available at from
http://www.hinet.net.au/~mvisser/ethereal/ethereal_pf.gif 
This shows the beginning of a burst of red IPX SAP frames. A large 1422
bytes frame is selected in the list and on the packet fence. (The grey box
indicates where the list is in time)

(For those interested, the name is a play on "picket fence", the effect
you'll see from the widget if you look side on.)

Some of the features are :

* Frames are displayed accurately in real-time on a zoomable linear
timescale. 
* Displayed size is proportional to frame length.
* The current "field of view" of the packet list is indicated on the packet
fence.
* Frames are coloured according to the "colorize display" foreground
settings
* The currentl frame selected in the list is indicated.
* Selecting a frame on the packet fence causes a "goto frame"
* The packet fence updating can be turned off from Display Options
* The packet fence window is in an adjustable pane

I've tested it pretty well and has no known crash points. However, if you
zoom to allow more than a 1000 frames in the display it can get a little
slow with scrolling. (On a 266Mhz machine). Some known things I'd like to
address in the near future are:-

* Allow display configuration info to be saved
* Allow the packet fence to be completely hidden from startup
* Give choice of using foreground or background list coloring
* Indicate "marked" packets.
* Optionally show filtered out packets greyed out
* Provide "Tool tips" over packet fence showing frame number.
*Provide better support for "jumbo" frames
* Prevent packet fence from unduly stealing CPU time.

In the longer term I intend to add to this widget as a suite of graphical
add-ons such as  :-

* Various graphs distinguished by display filters. These should show
bandwidth consumption at various resolutions eg. 10Hz, 1Hz, 10Hz. Also
specialist graphs such as jitter, client-server response times would be
cool. 
* Conversation matrix, showing who's talking to who. 
* A packet dissection, working in conjunction with the tree widget, that
allows you to visualise packet contents. (Not sure about this one though)
* Expert graphs displaying top-talkers and the like

Please give some feedback on packet fence, likes or dislikes and anything
you would like me to tweak and I'll try to accomodate. (This is the first
Gtk/GDK stuff I've written so be kind ;-)  I'd love to see it patched into
the main distribution. If Guy, Gilbert, Richard can let me know what they
would like above what has been done for this to happen please let me know.
(I don't think I've broken anything, apart from jemmying my way into the
main window ;-) . (I guess I should figure out how to use CVS)

Enjoy,

Martin

PS In case you are wondering, I have Compaq's blessing to contribute to this
work!

Martin Visser
Technology Consultant - Compaq Global Services

Compaq Computer Australia
410 Concord Road
Rhodes, Sydney NSW 2138
Australia

Phone: +61-2-9022-5630
Mobile: +61-411-254-513
Fax:+61-2-9022-7001
Email:martin.visser@xxxxxxxxxx