Ethereal-dev: Re: [ethereal-dev] Expert mode

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard Sharpe <sharpe@xxxxxxxxxx>
Date: Tue, 18 Jul 2000 02:51:03 +0900

At 04:12 PM 7/17/00 +0100, John Bourke wrote:
>Howdy,
>
>I understand the issue about trying to squeeze too much into the GUI, but
>the Sniffer has an expert mode which works quite well.
>
>There is a usability issue too.  The process of network troubleshooting
>should be guided by an expert facility, and then refined by examining
>packet traces.  It may be better to do this on the same GUI, so there is a
>smooth flow between the two.

OK, I can understand this need, but I still claim that Ethereal as it
currently stands is not well suited to doing this, because the code
required to understand the protocols and pick out the anomalies does not
exist outside of the dissector routines, which both dissect a protocol, and
display it.

To implement an expert mode would require, IMO, that the dissector routines
also be called to just dissect packets and provide information that an
expert mode could pick over.

A better implementation would be to have Ethereal built on a set of
routines that understand how to dissect packets, and then the packet
display routines could do exactly that, while the expert mode could use the
same routines to dissect packets, but do different things with them.

>john
>
>----- Original Message -----
>From: Richard Sharpe <sharpe@xxxxxxxxxx>
>To: John Bourke <John.Bourke@xxxxxxxxxxxxxxxxxx>; <ethereal-dev@xxxxxxxx>
>Sent: Monday, July 17, 2000 6:32 PM
>Subject: Re: [ethereal-dev] Expert mode
>
>
>> Hi,
>>
>> At 03:16 PM 7/17/00 +0100, John Bourke wrote:
>> >Hello again !
>> >
>> >Has anyone considered an expert mode, for spotting network anomalies,
>> >such as excessive retransmissions ?
>>
>> Again, I think that this is not a job for Ethereal, but is a job for
>> another tool that understands the structure of the protocols involved.  It
>> would sort through the data and apply some heuristics to spot anomalies.
>>
>> Such a tool, and Ethereal, would be helped if there was an underlying
>> library that knew how to decode packets, so each higher level tool could
>> concentrate on its own job. In the case of Ethereal, that job is to
>> display the decoded packets.
>>
>> >john
>> >
>> >
>>
>> Regards
>> -------
>> Richard Sharpe, sharpe@xxxxxxxxxx
>> Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
>> Contributing author, SAMS Teach Yourself Samba in 24 Hours
>> Author, Special Edition, Using Samba
>>
>>
>
>

Regards
-------
Richard Sharpe, sharpe@xxxxxxxxxx
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Contributing author, SAMS Teach Yourself Samba in 24 Hours
Author, Special Edition, Using Samba
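
The layering proposed in this message, sketched as an added example (not Ethereal's code and not posted to the list): one dissection routine returns plain data, and both a display routine and a retransmission check consume it. All names (`tcp_info`, `dissect_tcp`, `display_tcp`, `count_retransmissions`, `demo`) and the sample packets are constructed for illustration; only unfragmented IPv4 + TCP is handled.

```c
#include <stdint.h>
#include <stdio.h>

/* Dissection result: plain data, no display logic (hypothetical type). */
typedef struct { unsigned src, dst, seq, sport, dport, paylen; } tcp_info;
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Shared dissector: IPv4 + TCP only. Returns 0, or -1 if malformed or not TCP. */
int dissect_tcp(const uint8_t *pkt, size_t len, tcp_info *out) {
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;          /* too short or not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4, total = be16(pkt + 2);
    if (ihl < 20 || total > len || total < ihl + 20 || pkt[9] != 6) return -1;
    const uint8_t *tcp = pkt + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;               /* TCP header length */
    if (doff < 20 || ihl + doff > total) return -1;
    out->src = be32(pkt + 12); out->dst = be32(pkt + 16); out->seq = be32(tcp + 4);
    out->sport = be16(tcp); out->dport = be16(tcp + 2); out->paylen = (unsigned)(total - ihl - doff);
    return 0;
}

/* Consumer 1 (display): formats one dissected segment as a summary line. */
int display_tcp(const tcp_info *t, char *buf, size_t n) {
    return snprintf(buf, n, "TCP %u -> %u seq=%u len=%u", t->sport, t->dport, t->seq, t->paylen);
}

/* Consumer 2 (expert): counts data segments repeating an earlier seq on the same flow. */
int count_retransmissions(const tcp_info *s, size_t n) {
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; s[i].paylen && j < i; j++)
            if (s[j].paylen && s[j].seq == s[i].seq && s[j].src == s[i].src && s[j].dst == s[i].dst
                && s[j].sport == s[i].sport && s[j].dport == s[i].dport) { hits++; break; }
    return hits;
}

/* Constructed capture: 10.0.0.1:1234 -> 10.0.0.2:80, seq 1000, 1100, then 1000 again. */
int demo(char *line, size_t n) {
    static const uint8_t seq[3][2] = { {0x03, 0xe8}, {0x04, 0x4c}, {0x03, 0xe8} };
    tcp_info segs[3];
    for (int i = 0; i < 3; i++) {
        uint8_t p[140] = { 0x45, 0, 0, 140, [9] = 6, [12] = 10, 0, 0, 1, 10, 0, 0, 2,
                           0x04, 0xd2, 0, 80, 0, 0, seq[i][0], seq[i][1], [32] = 0x50 };
        if (dissect_tcp(p, sizeof p, &segs[i]) != 0) return -1;
    }
    display_tcp(&segs[0], line, n);
    return count_retransmissions(segs, 3);
}

int main(void) { char l[64]; int r = demo(l, sizeof l); printf("%s\nretransmissions: %d\n", l, r); return 0; }
```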