This patch adds graphing capability to ethereal-0.8.19. It's by no means complete but it is somewhat useful already. Right now it can do basic TCP stream analysis, namely time-sequence, round-trip time a throughput graphs. Click on 'Help' button in the control panel for rudimentary description of usage.
Here's the patch: ethereal-0.8.19-tcp_graphs.diff.gz.
Confirmed to compile on Linux, FreeBSD and Win32 platforms.
cd ethereal-0.8.19
patch -p1 <ethereal-0.8.19-tcp_graphs.diff
./configure
make
If you don't feel like compiling your own one of these might work for you. It should work anywhere where official 0.8.19 binary works since the graphing code doesn't add anything to ethereal's library and other dependencies. However, I couldn't give it proper testing so any trouble report is appreciated. (Please report even if everything goes well.)
So if you are willing to trust me that this is not a Trojan ;-) you can download it here:
Linux: (it's gzipped):
ethereal-0.8.19-tcp_graphs-linux.gz(You might need to chmod +x ethereal-0.8.19-tcp_graphs-linux before you can run it.)
Win32:
ethereal-0.8.19-tcp_graphs.exe(I guess it should be enough to replace the original ethereal.exe binary with this one to make it happen but I'm not sure - again, success/failure reports appreciated.)
(slightly outdated)
|
|
This is a tcptrace-style time-sequence graph. A magnify window is shown which makes it possible to quickly zoom in a portion of graph to examine details without zooming the whole graph. |
|
|
This is a round-trip time graph. It is usually useless to create rtt graphs from dumps acquired near the receiver so this one shows rtt's as seen by the sender (ftp server). |
|
|
This is a throughput graph. You can see the crosshairs, too. |
ethereal-0.8.18-tcp_graphs.diff.gz.
ethereal-0.8.14-tcp_graphs.diff.gz.
Feel free to contact me at pvl at uh.cz.