As I see it, one thing that would be nice for Ethereal to do would be to have a near real-time graph of, say, ssh traffic. (This would of course be from a filter.) One could then watch the graph and say, "Wow, look at the ssh traffic burst we just had." With multiple datasets in the graph one could watch the graph and note that, for instance, SNMP traffic comes in bursts, or watch the SNMP traffic jump when some anomaly occurs. Post mortem graphs are nice, but live ones are better for some things.
I don't think we need to write too much new code (unless I'm missing something) as far as plotting goes. GtkPlot is in gtkextra and a possibly useful stripchart plotter (GtkStripChart at http://linas.org/stripchart/RREADME) exists, too.

BTW, as regards threads, we currently use two processes when capturing and displaying live. We could possibly have that as an option (or do it that way and use something like nice() if it exists on the particular platform) if threads don't work somewhere.

--john

Joerg K wrote:
>
> Maybe I don't understand the problem, but wouldn't it be a lot easier to
> rely on existing visualisation packages instead of writing new code based on
> glib?
>
> Tools like those http://sal.kachinatech.com/D/1/index.shtml do all the
> boring things (axes/scaling, different plot types, colors etc) very well.
>
> Ethereal could even call e.g. gnuplot (or Excel :-) ) supplying the data
> file and options (or maybe even scripts for the plotter).
> Already a configurable CSV export feature in Ethereal would help me a lot.

--
John McDermott, Writer and Consultant
J-K International, Ltd.
V +1 505/377-6293 F +1 505/377-6313
[EMAIL PROTECTED]