Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] tcp graphs vs. sctp graphs

From: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
Date: Mon, 12 Nov 2012 15:11:40 +0100



On Mon, Nov 12, 2012 at 2:35 PM, Martin Mathieson <martin.r.mathieson@xxxxxxxxxxxxxx> wrote:
Hi Cristian, a couple of comments in-line below.
Martin

On Mon, Nov 12, 2012 at 5:41 AM, Cristian Constantin <const.crist@xxxxxxxxxxxxxx> wrote:
hi!

I am just a bit confused about the way the tcp graphs are presented to the user.
I am using debian/Version 1.6.5

1. tcp. if one selects (for example):

Statistics/TCP Stream Graph/Window Scaling Graph

from the main menu, one gets the graph from the perspective of the endpoint which is
represented by source ip address, source ip port of the frame containing the tcp segment 
selected in the main wireshark window, right?
for getting the graph for the other endpoint, I have to close the current graph and select a tcp
segment with the source ip/port of the other endpoint and select again:

I also found the method of needing to select a frame for the chosen conversation before launching TCP Stream Graph windows frustrating... Since yesterday you can find the TCP conversation from the Statistics menu and click on buttons to launch graphs for A->B or B->A.  I didn't use TCP Stream Graphs back in 1.6 but there is no need to close one graph now before opening another.
 
Statistics/TCP Stream Graph/Window Scaling Graph

wouldn't have been more intuitive and easier to use (from the user perspective) changing the
graph dynamically when another source endpoint is selected in the main window? or to present
such a choice in the tcp graph windows?


The control window that (now) pops up alongside the graph allows you to toggle between the various graph types.  For the buttons I mentioned above, I made always start with Time / Sequence (tcptrace-style), because that seems to be the most useful one.
 [...] 

cristian: you've never had troubles with these windows, right? :-) well, believe me it can become painful. especially when you have to check more captures (both tcp and sctp).

thanks for the hints. I will try the newer version as soon as I have time to compile it.

bye now!
cristian