Hi All,
I'm currently using Ethereal to analyse logs which are collected on my
home network. As I leave tcpdump running for extended periods (close to 24
hours per log), the captures end up at about 200+MB easily.
Since I need to filter for various protocol parameters regularly when
auditing the traffic, I find Ethereal a pain as I have to wait quite a
while, even on a P4 2.8GHz with 128MB of RAM, for ALL the packets to be
dissected and then filtered. I was wondering if it was possible to cache
the results of all packet dissection in memory or an external file and index
it, avoiding the penalty of re-dissection on a change in filter expression.
Of course, there would be situations where packet dissection must happen all
over again (for example, changing some preferences), but for the most part,
the re-dissection is due to filtering.
As I am currently a student with a rather light workload, and I'm
interested in software development, I wonder if it's feasible for me to
modify Ethereal to do this and then integrate the changes back. Being a
newbie on the mailing list here, I would like to ask for the kind advice of
the more established members =) .
Thank you for your kind attention.
Charlie.