On Tue, Jun 20, 2000 at 02:29:35PM +0900, Richard Sharpe wrote:
> One feature that I liked in NetMon that is not in Ethereal is good handling
> of names for transmitting devices.
>
> What I have in mind is an address database.
>
> When any dissector figures out a name for a party of any communication, it
> should register that in a names database.

This might be done by having "resolv.c" export routines to let a
dissector add entries to its tables of addresses.

> Each party can have many names:
>
> - Its MAC address, eg Ethernet, Frame, etc
> - Its IP address
> - Its DNS name
> - Its NetBIOS name
> - Its IPX name
> - Etc

If you split those into names and addresses, the set of address types
currently supported by "resolv.c" are:

	Ethernet-style MAC addresses (Ethernet/FDDI/Token-Ring/whatever
	other protocols use them)

	IPv4 addresses

	IPv6 addresses

	IPX networks

although it doesn't have a hash table for IPv6 address->name mappings.

Currently, the "resolv.c" routines don't use the "address" structures
from "packet.h", which include an address type, an address length, and a
pointer to the bytes of the address; having them do so might be a useful
generalization.

> This will require that each dissector be given one of the names that have
> already been discovered so it can look up the object in order to register
> any new names.

If we had a routine that took an "address *" and attempted to look up
the name corresponding to that address, the dissector might be able to
take the "net_src" and "net_dst" addresses from the "packet_info"
structure, look up a host name, and use that.

If the packet is what *contains* the name, then that wouldn't be
necessary. (Consider, for example, the DNS dissector registering
information from the resource records in a DNS reply - or a NetBIOS
Session Service connection request, which contains source and
destination NetBIOS names, as I remember; I think Network Monitor will
add those as, for example, names for the IP source and destination
addresses of the connection request.)

> The GUI should allow you to specify that any type of name be displayed, and
> it would be nice to be able to list the objects in the database and their
> attributes.

...and we might want to support writing out the database, as NetMon does
and as snoop does with the "-N" flag (although that's only IP addresses,
in "/etc/hosts" format).

We'd also want to support *reading* those files (again, as NetMon does,
and as snoop does with the "-n" flag).
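
Added example (not part of the original message and not Ethereal's code): a minimal sketch in C of a name table keyed by the address type, length and bytes described above, with a registration routine a dissector could call. All identifiers (ex_address, ex_add_name, ex_lookup_name, the EX_* constants) and the size limits are assumptions; because registered names come from packet contents, the routine rejects over-long names and any non-printable or whitespace character before storing them.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout. The address struct follows the description
 * above: an address type, an address length, a pointer to the bytes. */
enum { EX_ETHER, EX_IPV4, EX_IPV6, EX_IPX };
enum { EX_BUCKETS = 256, EX_MAXADDR = 16 /* IPv6 */, EX_MAXNAME = 64 };
typedef struct { int type; size_t len; const unsigned char *data; } ex_address;
typedef struct ex_entry {
    int type; size_t len;
    unsigned char data[EX_MAXADDR]; char name[EX_MAXNAME];
    struct ex_entry *next;
} ex_entry;
static ex_entry *ex_table[EX_BUCKETS];
/* FNV-1a-style hash over type and address bytes; caller has checked a->len. */
static unsigned ex_hash(const ex_address *a) {
    unsigned h = (2166136261u ^ (unsigned)a->type) * 16777619u;
    for (size_t i = 0; i < a->len; i++) h = (h ^ a->data[i]) * 16777619u;
    return h % EX_BUCKETS;
}
static ex_entry *ex_find(const ex_address *a) {
    if (a->len == 0 || a->len > EX_MAXADDR) return NULL;
    for (ex_entry *e = ex_table[ex_hash(a)]; e; e = e->next)
        if (e->type == a->type && e->len == a->len && !memcmp(e->data, a->data, a->len))
            return e;
    return NULL;
}
/* Called by a dissector that found a name in a packet. The name is
 * packet-controlled: a newline or space in it would corrupt a hosts-format
 * dump, so only printable non-space ASCII is accepted. 0 = stored, -1 = rejected. */
int ex_add_name(const ex_address *a, const char *name) {
    size_t n = strlen(name);
    if (a->len == 0 || a->len > EX_MAXADDR || n == 0 || n >= EX_MAXNAME) return -1;
    for (size_t i = 0; i < n; i++)
        if (name[i] <= ' ' || name[i] > '~') return -1;
    ex_entry *e = ex_find(a);
    if (!e) {                       /* first name seen for this address */
        if (!(e = calloc(1, sizeof *e))) return -1;
        e->type = a->type; e->len = a->len;
        memcpy(e->data, a->data, a->len);
        unsigned h = ex_hash(a);
        e->next = ex_table[h]; ex_table[h] = e;
    }
    memcpy(e->name, name, n + 1);   /* later registrations replace the name */
    return 0;
}
/* Returns the registered name, or NULL if the address is unknown. */
const char *ex_lookup_name(const ex_address *a) {
    ex_entry *e = ex_find(a);
    return e ? e->name : NULL;
}
```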