Ethereal-dev: [Ethereal-dev] Packet Fence enhancement for Ethereal
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "Visser, Martin (SNO)" <Martin.Visser@xxxxxxxxxx>
Date: Tue, 14 Nov 2000 20:41:40 +0800
All, I have been beavering away over the last few weeks developing a graphical display add-on for Ethereal. The patch is available from http://www.hinet.net.au/~mvisser/ethereal/ (I have tested it to patch against on 8.12 and 8.13 on Linux. (If someone can compile it for Win32, I'd love a copy) I wrote this to help me "see" what is happening on the network. By judicious use of colorisation, you can identify clumps of related activity. You can identify server response times, inter-frame timing issues and so on. (It is very good for looking at jitter in Voice over IP applications and the like). This type of display I think helps engage the right-half of the brain in problem resolution, while the left-half processes the streams of numbers in the packet list! It is also quite an easy way to navigate around your capture in general. A screenshot is available at from http://www.hinet.net.au/~mvisser/ethereal/ethereal_pf.gif This shows the beginning of a burst of red IPX SAP frames. A large 1422 bytes frame is selected in the list and on the packet fence. (The grey box indicates where the list is in time) (For those interested, the name is a play on "picket fence", the effect you'll see from the widget if you look side on.) Some of the features are : * Frames are displayed accurately in real-time on a zoomable linear timescale. * Displayed size is proportional to frame length. * The current "field of view" of the packet list is indicated on the packet fence. * Frames are coloured according to the "colorize display" foreground settings * The currentl frame selected in the list is indicated. * Selecting a frame on the packet fence causes a "goto frame" * The packet fence updating can be turned off from Display Options * The packet fence window is in an adjustable pane I've tested it pretty well and has no known crash points. However, if you zoom to allow more than a 1000 frames in the display it can get a little slow with scrolling. (On a 266Mhz machine). Some known things I'd like to address in the near future are:- * Allow display configuration info to be saved * Allow the packet fence to be completely hidden from startup * Give choice of using foreground or background list coloring * Indicate "marked" packets. * Optionally show filtered out packets greyed out * Provide "Tool tips" over packet fence showing frame number. *Provide better support for "jumbo" frames * Prevent packet fence from unduly stealing CPU time. In the longer term I intend to add to this widget as a suite of graphical add-ons such as :- * Various graphs distinguished by display filters. These should show bandwidth consumption at various resolutions eg. 10Hz, 1Hz, 10Hz. Also specialist graphs such as jitter, client-server response times would be cool. * Conversation matrix, showing who's talking to who. * A packet dissection, working in conjunction with the tree widget, that allows you to visualise packet contents. (Not sure about this one though) * Expert graphs displaying top-talkers and the like Please give some feedback on packet fence, likes or dislikes and anything you would like me to tweak and I'll try to accomodate. (This is the first Gtk/GDK stuff I've written so be kind ;-) I'd love to see it patched into the main distribution. If Guy, Gilbert, Richard can let me know what they would like above what has been done for this to happen please let me know. (I don't think I've broken anything, apart from jemmying my way into the main window ;-) . (I guess I should figure out how to use CVS) Enjoy, Martin PS In case you are wondering, I have Compaq's blessing to contribute to this work! Martin Visser Technology Consultant - Compaq Global Services Compaq Computer Australia 410 Concord Road Rhodes, Sydney NSW 2138 Australia Phone: +61-2-9022-5630 Mobile: +61-411-254-513 Fax:+61-2-9022-7001 Email:martin.visser@xxxxxxxxxx
- Prev by Date: [Ethereal-dev] Sangoma packet captures now handled by Ethereal
- Next by Date: [Ethereal-dev] Patch enabling ethereal to dissect IEEE-802.11 (Wireless LAN) frames
- Previous by thread: Re: [Ethereal-dev] Sangoma packet captures now handled by Ethereal
- Next by thread: RE: [Ethereal-dev] Packet Fence enhancement for Ethereal
- Index(es):