Hello,
Yesterday I used RTP analysis intensively on a VoIP network, to monitor 
RTP streams between media gateways.
(I used ethereal 0.10.10 from latest knoppix)
I think that the RTP streams' window 'auto-refresh' is a good idea, but 
it should become an option. Indeed, when monitoring ~ 50-60 streams 
while capturing, scanning took nearly one second, and it is refreshed 
every second, so one has no time at all to select a stream to analyse. 
Solution: either provide a button to stop refreshing, or an option to 
specify delay between two refreshs, or refresh only when a button is 
pressed ? BTW, when you begin RTP streams analysis while capturing, 
window is refreshed, right, but it keeps refreshing when you stop 
capturing. That would be great if refreshing stopped too.
(other idea: a fixed-size ring buffer for packets in live capture mode 
would be so wonderful :) but I know that's not easy at all)
I once also noticed some /negative/ packet loss count in the same 
window. I'll try to reproduce that with my captures, if I succeed I'll 
try to repair it.
What would ne nice too, is to forget everything about old RTP streams 
(say, no packet for a second or two), so as to see only alive streams. 
That may be an option, and it could be the default when auto-refreshing 
in live capture mode. It would be easier to see how many streams are 
really alive (else you have to check which packet counts are 
increasing). Hmmm, indeed it's nonsense when analysing offline. But that 
would be great for live monitoring :)
I also notice some memory leaks: once, after some ~ 500 000 packets 
captures, I stopped and restarted capture, and I got an "out of memory 
error" for fork(). Another time the computer totally froze while live 
capturing. Could that be related to RTP analysis, does memory 
consumption grow with streams number, and is any memory unfreed after 
capture restart ? would that be enhanced by "forgetting" about old streams ?
--
Julien Leproust