Ethereal-dev: Re: [Ethereal-dev] Advice on how to make a protocol grapher...
Hi,
First, thanks Ronnie for pointing out the -z option of tethereal. My RedHat
comes with tethereal 0.9.6, which seems not to have this option... (wget and
make are not far away...).
Martin, your script looks great. It does what I need (one of the protocols I
need graphs for is SMB, others are HTTP, SMTP, and some others) and more (RTT
graphs, which I didn't think of at first, but could be interesting too).
However, if I understood well the output of "tethplot -h", it needs a capture
file as an input. My problem is that I need graphs over a long period of time
(say, 24 hours as a start...), and I experienced that my computer crashes
after capturing about 100 000 packets (out of memory?). That is 20 minutes on
my 10 MBps subnet... and I am planning to deploy this tool, once properly set
up, on 100 Mbits links too. I also wonder about capture files sizes: a
capture on a 100Mbit network with an average load of 10% over 24 hours would
give a capture file a few Gb large...
Jason was right, "it's a matter of trying to make what already exists work in
real time"!
I'll continue thinking about possible solutions. If you have other ideas
(either completely new or based on tethplot), please let me know.
Regards,
Loïc
"Visser, Martin (Sydney)" wrote:
> I have an updated version, I'm calling it "tethplot" that now plots SMB
> and DCERPC response times - both against time and also does a frequency
> distribution of response times, by counting responses in discrete
> buckets.
>
> I've attached the latest script, (read the message Ronnie linked to for
> more on the requirements), as well as a sample of the new frequency
> distribution graph. (running "tethplot -help" should display available
> options.)
>
> I am trying to make it into a generic script that can create a whole lot
> of useful graphs for analysing data available from (t)ethereal. I am
> definitely going to address being able to graph protocols in an "area
> graph" against time, (actually I want to be able to generally graph any
> class of traffic against time such as time).
>
> I also want to use the io,users, output to produce graphs to represent
> the conversation matrix (for example plotting top 100 sources and sink
> against each other).
>
> So I guess watch this space.
>
> (BTW I would like to hold copyright on the script, but will make it
> available under GPL)