Ethereal-users: Re: [ethereal-users] visualization

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Fri, 21 Jul 2000 01:09:36 -0700

On Fri, Jul 21, 2000 at 08:24:50AM +0200, Anastasia Leventi-Peetz wrote:
> But I was thinking of something making plots for me for packets 
> transition velocity in dependence of port number over time.
> In this way one can see how effectively is programmed a certain
> application running on...
> It was only a hope. It is quite slow to invent scripts fishing out
> data from capture outputs to produce plots. I thought I could do it
> automatically. Do I ask for too much?

Well, part of the problem may be that there're a lot of types of data
people might want to plot - enough types that it may be impossible for
the developers of utilities such as Ethereal to anticipate all the data
people might want to plot, and thus enough types that it may be
impossible to have such a utility have all the types anybody might want
built in.

As such, *some* people are probably going to have to write scripts of
some sort, whether they're scripts that parse tcpdump or Tethereal or
snoop or... output and produce graphs (or that parse capture files
directly - I think there are, for example, modules for Perl to read
tcpdump files, and there might also be modules that can analyze packets
to some degree), or scripts in any scripting language we might build
into Ethereal.

Currently, there's no mechanism in Ethereal to gather *any* types of
statistics; this doesn't mean we're unalterably opposed to them, it just
means we haven't yet implemented them.

(Richard Sharpe has noted in another discussion that piling all those
forms of analysis into Ethereal itself might not be the right answer;
he's been looking at making a library that would, in effect, be all the
analyzers in Ethereal, made available to other programs as well, so,
with a library such as his libdencode, it might be that one would have
Ethereal for looking at the contents of packets in captures, and other
tools built atop the same library for doing data analysis on captures.)
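
Added example, not part of the original message and not Ethereal code: a script of the kind the reply describes, one that reads a classic libpcap capture file directly and totals bytes per port per time bucket, ready to hand to a plotting tool. It assumes Ethernet framing and IPv4 and treats the lower-numbered port as the service port; the function names and the constructed sample capture are illustrative.

```python
import struct
from collections import defaultdict

def port_rates(pcap, bucket=1):
    """Total on-the-wire bytes per (bucket start second, port) in a classic pcap."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"            # little-endian capture
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"            # big-endian capture
    else:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    totals = defaultdict(int)
    off = 24                 # skip the 24-byte global header
    while off + 16 <= len(pcap):
        sec, _usec, caplen, wirelen = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue         # truncated record or not IPv4
        l4 = 14 + (frame[14] & 0x0F) * 4
        fragment_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        if frame[23] not in (6, 17) or fragment_offset or len(frame) < l4 + 4:
            continue         # not TCP/UDP, or no port fields in this packet
        sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
        # Assumption: the lower-numbered port identifies the service.
        totals[(sec - sec % bucket, min(sport, dport))] += wirelen
    return dict(totals)

def build_sample():
    """Constructed capture: two TCP packets on port 80, one UDP packet on port 53."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, proto, sport, dport, n in [(100, 6, 40000, 80, 100),
                                        (100, 6, 80, 40000, 500),
                                        (101, 17, 40001, 53, 30)]:
        l4 = struct.pack("!HH", sport, dport) + bytes(16 if proto == 6 else 4)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + n, 0, 0,
                         64, proto, 0, b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
        frame = bytes(12) + b"\x08\x00" + ip + l4 + bytes(n)
        out += struct.pack("<IIII", sec, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for (start, port), nbytes in sorted(port_rates(build_sample()).items()):
        print(start, port, nbytes)   # columns: second, port, bytes
```

The three printed columns can be piped straight into gnuplot or a spreadsheet; raising `bucket` smooths the curve at the cost of time resolution.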