On Tue, Dec 17, 2002 at 11:55:54AM +0100, Marc Van Riet wrote:
> Hi,
>
> I've tried to define conversations for a proprietary Ethernet protocol
> that we've implemented. It's just a certain ethernet type code that we
> use for testing purposes.
>
> Now we'd like to have some analysis on this, e.g. to follow
> 'conversations' and to display graphs with RTT and so.
>
> I thought that we could use the 'Follow TCP Stream' and 'TCP Stream
> Analysis' options in the 'Tools' menu if conversations were defined in
> our dissector (with conversation_new() and find_conversation() ), but
> appearantly this is not so.
I don't know about 'Follow TCP Stream' but it wouldn't be too easy to
use 'TCP Stream Analysis' to analyze other protocol than TCP. Because
of lack of a suitable API at the time I wrote the TCP graphing (today it
might be different) sadly enough I ended up with not using dissectors at
all. The resulting code is very TCP specific, it's not even written to
be reusable by a different protocol. It *is* written to allow various
ways to look at a TCP stream, various graphical representations of the
underlying data, and this machinery (graph drawing, gfx primitives, axes
computation and display, scrolling, zooming, "magnifying glass") could
relatively easily be reused for whatever you want to display.
If there is a way to use Ethereal dissectors for getting values to be
graphed and if there is another protocol that could use the graphing
infrastructure, it would make sense to separate the general gfx
functionality and remove the protocol-specific parts.
pvl
