Hi,
At 12:32 PM 7/17/00 +0100, John Bourke wrote:
>Hello,
>
>I was planning do to some work like this over the coming months. It would
>good to come up with a generic scheme to allow any protocol to be described.
I think that Ethereal is not a good place to do the things that are being
discussed here.
I have done some work on developing libdencode, a library that abstracts
knowledge of protocols out of into its own library and out of Ethereal. At
the moment, Ethereal intermixes protocol knowledge and display, and there
are many other projects that would benefit from a library that is able to
understand a packet stream and to be able to answer questions about the
packet stream.
It would be good to be able to filter such a stream looking for certain
types of packets, and do other things. A specific example I was thinking of
was in looking at a Web site from the network traffic and making evaluations.
I was looking at a web site, and took a trace of the site and was able to
see problems with the site. One can make estimates of the likely download
time and things of that nature simply by looking at the packet stream. I
have started coding this up but have left off while persuing other things.
In addition, and this answers your main question above, I have developed a
simple protocol description language (which I think I do not want to
release) for the SMB decode stuff. I auto-generated much of the decode
stuff using that language.
I am now working on an XML-based description language for another Ethereal
project I am working on. This language should allow me to describe a
protocol and then generate code from it to decode the protocol. It could
also be used for other things, perhaps like what you want.
I propose to use Perl initially, because it has an XML parsing module and I
can work in Perl and generate C code from Perl.
In a couple of days (like this week or next), I guess I could post some
comments about where I am up to on this.
I would welcome any additional input.
>How do I go about proposing an extension to Ethereal and then doing the work
You communicate with the Ethereal gods :-)
>?
>
>
>john
>
>
>> ----- Original Message -----
>> From: Darren Steven <dsteven@xxxxxxxxxxxxxxxxxxxxx>
>> To: <ethereal-dev@xxxxxxxx>
>> Sent: Friday, July 14, 2000 2:56 AM
>> Subject: [ethereal-dev] Using Ethereal to measure application performance
>>
>>
>> | Just a quck question about a direction for ethereal to take one day;
>> |
>> | Is it likely to be feasible to get data out of ethereal that could be
>> | used in application performance analysis. What I want to do is end up
>> | with a series of records that describe conversations between machines.
>> | they would list the hosts involved, the type of communication, and the
>> | request-response time interval, an possibly the total conversation time.
>> | It would be like a merging of the follow TCP and protocol dissection.
>> |
>> | eg
>> | timestamp,request source host,request dest host,protocol,conversation
>> | descreption (eg IMAP fetch),response time,duration,bytes
>> |
>> | that is, the protocol dissector would note the beginning of a request,
>> | (IMAP fetch for eg), not when the server responded, and how long it took
>> | to finish the request.
>> |
>> | This data could then be stuffed into a database, and response time vs
>> | time etc could be analysed, to provide some application level data
>> | similar to products like compuwares eco-scope.
>> |
>> | Regards,
>> |
>> | Darren Steven
>> | Applications Specialist
>> | Networking Tasmania
>> | Telstra Australia
>> | Ph.1800 813 302
>> |
>> |
Regards
-------
Richard Sharpe, sharpe@xxxxxxxxxx
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Contributing author, SAMS Teach Yourself Samba in 24 Hours
Author, Special Edition, Using Samba