It took me quite a while today to actually get ethereal working.
The problem was that I had to enter a filter, or it would capture
nothing. In retrospect, this is not too un-reasonable, but when
you consider that tools like tcpdump take a blank filter to mean
grab everything, then it is reasonable to expect ethereal to do
the same. So, I'd like to suggest that a blank (or un-defined)
filter should mean 'grab everything'.
Some other things:
If you change a filter, then click OK, w/out clicking
'new' or 'change', then your changes are lost w/out any
warning. I would like it to realize you've changed something
and automatically save the changes, or at least give you a popup
to explain your changes will be lost.
When you start a capture, you get that little box of counters pop
up. If you hit 'X' instead of 'close', it goes a little crazy
on you (you gotta kill -9 the process that is spewing all the GTK
errors on your screen...)
Over all though, I think this is a damn fine tool, and I look foward
to learning more about it and using it (now that I know about
the filter thing!!)
Thanks,
Ben
--
Ben Greear (greearb@xxxxxxxxxxxxxxx) http://scry.wanfear.com/~greear
Author of ScryMUD: scry.wanfear.com 4444 (Released under GPL)
http://scry.wanfear.com