On Sat, Jul 14, 2001 at 02:59:18PM +0200, Pavel Mores wrote:
> I've been following discussions on the list for some time now and I'd
> like to tell you something.
As would I.
> It seems to me that some of us are so
> consumed by all of these fancy new dissectors and their supporting
> infrastructure that they tend to miss the point of network traffic
> analysis.
What is "the point of network traffic analysis"?
Different users have different reasons why they use a network analyzer.
I am a software developer at a manufacturer of, well, Network
Appliances; the reason why *I* use a network analyzer is to look at
specific problems, which often involves looking at a specific trace in
detail.
Others may be doing broader analyses, e.g. statistical analyses.
> Support for some sort of API
> I'm talking about, however limited, and a couple of obvious callback
> points in the packet processing chain would enable people to use your
> program in a way you've never dreamt of.
Or, alternatively, making the stuff in the epan directory a library, and
either having a separate library with the dissectors, putting the
dissectors into the library as well, or making them all loadable at run
time by that library, and having people build *multiple* programs from
that library, would enable people to use our code in ways that Ethereal
doesn't.
It is not *ipso facto* the case that Ethereal needs to Do It All by
itself. It may be that some or all other analysis functions are best
done inside Ethereal - for example, as the TCP graphing stuff connects
the packet list and the graph, it may be that it's best done inside
Ethereal - but I'm not going to take as a given the notion that
all forms of network traffic analysis should be done by Ethereal as a
program. (I won't necessarily reject all attempts to put forms of
analysis into Ethereal; I'm merely not going to take as an
unchallengable axiom the notion that they *should* all be put in there.)