Ethereal-dev: Re: [Ethereal-dev] Resend: Another new feature for Ethereal.
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
Ronnie,
The show conversations window basically builds a list of all conversations based on the MAC, IP, TCP, or IPX headers. This allows the user to select each conversation dynamically to create the proper display filter for just the selected conversations. Since I only use Ethereal to analyze traces that I receive from customers I never use tethereal. So, I can't really comment on if it does more or less then -z io,users,.... does. I have attached an html doc that shows how this works. Sorry but the first one I sent out was really a Microsoft Word doc instead of rtf like the extension indicated. This made it difficult to open without word or a viewer.
Greg
>>> "Ronnie Sahlberg" <ronnie_sahlberg@xxxxxxxxxxxxxx> 8/20/2003 3:51:04 AM >>> I dont know what overlap there might be. My version is just really the same thing as tethereal -z io,users,... does but just presented as a clist that can be sordet by column. I plan to enhance it to allow you to select one "conversation" and tell the main window in ethereal to apply a displayfilter that only matches the selected "conversation". I appologize if my ignoranze of Greg's patch mistakenly thought his patch was also just a tethereal -z io,users, clist. One thing in the first patch i was not comfortable with was that it accessed wiretap directly and is thus exposed to the cap file encapsulation and the link layers instead of using the tap system. I will look into his patch and see what i missed in my ignorance. If they provide different featuresets, lets just get both of them in, the more the merrier. what additional features than just a gui version of -z io,users,... does Greg's patch provide? best regards ronnie sahlberg ----- Original Message ----- From: "Guy Harris" Sent: Wednesday, August 20, 2003 4:17 PM Subject: Re: [Ethereal-dev] Resend: Another new feature for Ethereal. > On Wed, Aug 20, 2003 at 06:56:32AM +1000, Ronnie Sahlberg wrote: > > Unfortunately there is some duplication of work in this area. > > I completed a very similar feature during my travels that will create a > > clist of all "conversations". > > So does your stuff implement all the same stuff Greg's does? If not, > how hard would it be to implement that atop your stuff? > > > Though it does not use the conversation mechanism in ehtereal. > > One problem with using it is that they're created "on demand", and it's > hard for the "demand" to come from outside. > |
New
Tools menu option "Show Conversations" You
can now display all conversations contained within the current packet trace by
MAC, IP, TCP, or IPX addresses. MAC -
Lists all conversations between each MAC address. IP -
Lists all conversations between each IP address. TCP
- Lists all conversations between each IP address and TCP port. IPX
- Lists all conversations between each IPX network, node, and socket. Features:
Any of the conversations windows will automatically read any other existing
filters. So building complex filters should be much easier. By clicking on one
of the conversations the status will change to "On" indicating that a
filter is active for that conversation. When you click the OK button the filter
is applied to the current packet trace and is echoed to the Display Filter text
window at the bottom of the Ethereal main window. Another
neat feature is that each column is sort-able. So within each conversation
window you can click on the column header to sort by that column. The default
sort is for the first address column. But you can change that to meet you needs
by clicking on the desired column header. Also note that the numerical sort is
a limitation in GTK that I have no control over. So when you click to sort on
the Packets column 1, 10, and 100 would come before 2, 3, 4, etc... If
you build a filter via the conversation windows you can easily remove it by
clicking on the Reset button on the main window. You can also turn off each
filter individually by clicking on the conversation until the status is
displayed as "Off". |
- Prev by Date: [Ethereal-dev] Freeing memory on exit?
- Next by Date: FW: [Ethereal-dev] ISUP patch
- Previous by thread: Re: [Ethereal-dev] Resend: Another new feature for Ethereal.
- Next by thread: [Ethereal-dev] problem building Ethereal on Win32
- Index(es):