Hi People,
During the last few months I've been writing a configurable upper
level analysis engine for ethereal.
MATE is an ethereal module that allows the user to specify how
different frames are related to each other. To do so, MATE extracts
data from the frames' tree and then, using that information, tries to
group the frames based on the rules from the configuration file. Once
the PDUs are related MATE will create a "protocol" tree with fields
the user can use to filter. The fields will be almost the same for all
the related frames, so one can filter a complete session spanning
several frames containing more protocols based on an attribute
appearing in some frame belonging to it. Other than that, MATE allows
filtering frames based on response times of transactions, number of
PDUs in a group and many more. MATE is described in
http://wiki.ethereal.com/Mate
MATE's goal is to enable users to filter frames based on information
extracted from other related frames or information on how frames
relate to each other. MATE was written to help troubleshooting
gateways and other systems where a "use" involves more protocols.
However, MATE can be used as well to analyze other issues regarding an
interaction between packets like response times, incompleteness of
transactions, presence/absence of certain attributes or conditions in
a group of PDUs and more. Some example configurations can be found in
http://wiki.ethereal.com/Mate_2fExamples
In http://wiki.ethereal.com/Mate_2fTutorial there's a brief
configuration tutorial where MATE gets configured to group all the
PDUs of a web visit (that is DNS and all the HTTP sessions) to allow
the user to filter for example in the time taken to load the whole
page.
MATE is pretty close to delivery. As such, MATE needs volunteers that know
how the protocols they work with interact with each other. The goal:
to help improve MATE; there are several things still to do.
Information on how to obtain and install MATE on your system can be found in:
http://wiki.ethereal.com/Mate_2fTesting
- We are missing plugin binaries for platforms other than Mac OS X
and Windows; it would be nice if someone could build them and make them
available.
- Naturally, there are bugs in the code; we have to find them.
- The examples collection and library is far far away from complete.
It would be nice, for both the sake of completeness and testing, that
more people contribute example configurations and "library modules".
You can do it by updating the wiki pages:
http://wiki.ethereal.com/Mate_2fLibrary and
http://wiki.ethereal.com/Mate_2fExamples .
- As said before MATE's embryonic documentation can be found in
http://wiki.ethereal.com/Mate. So far it is not close to complete. Not
even good, I'm not a good writer. It *REALLY* needs an editor, any
volunteers out there?
- So far there has been very little feedback on what to add and how
to improve MATE. Suggestions are always welcome.
In http://wiki.ethereal.com/Mate_2fDiscussion there is a list of
improvements planned for MATE, you might have your own.
Best Regards,
Luis Ontanon
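
A minimal sketch of the correlation idea described in the message above, added here as an illustration and not taken from MATE's code or its configuration language: attributes extracted from frames are grouped by shared values, and every frame receives its group's fields, so a filter on one frame's attribute or on the group's total time selects the whole session. The sample frames, field names, linking rules and helper functions are all constructed assumptions.

```python
# Constructed sample: attributes already pulled out of each frame's tree.
FRAMES = [
    {"no": 1, "t": 0.00, "dns_id": 7, "name": "www.example.org"},
    {"no": 2, "t": 0.04, "dns_id": 7, "name": "www.example.org", "addr": "192.0.2.10"},
    {"no": 3, "t": 0.05, "stream": 1, "server": "192.0.2.10", "host": "www.example.org"},
    {"no": 4, "t": 0.90, "stream": 1, "server": "192.0.2.10", "status": 200},
    {"no": 5, "t": 1.00, "dns_id": 9, "name": "slow.example.net"},
    {"no": 6, "t": 1.02, "dns_id": 9, "name": "slow.example.net", "addr": "198.51.100.5"},
    {"no": 7, "t": 1.03, "stream": 2, "server": "198.51.100.5", "host": "slow.example.net"},
    {"no": 8, "t": 4.50, "stream": 2, "server": "198.51.100.5", "status": 200},
    {"no": 9, "t": 5.00, "dns_id": 11, "name": "lost.example.com"},  # never answered
]
# Hypothetical rule set: attributes that tie frames together, by meaning.
LINKS = {"dns_id": "dns", "stream": "tcp", "addr": "ip", "server": "ip",
         "name": "host", "host": "host"}

def correlate(frames):
    """Group frames that share any linking value, directly or transitively."""
    groups = []
    for f in sorted(frames, key=lambda f: f["t"]):
        keys = {(LINKS[k], v) for k, v in f.items() if k in LINKS}
        hits = [g for g in groups if g["keys"] & keys]
        merged = {"frames": [f], "keys": keys}
        for g in hits:  # no expiry here: a reused DNS id would merge visits
            merged["frames"] += g["frames"]
            merged["keys"] |= g["keys"]
        groups = [g for g in groups if g not in hits] + [merged]
    return groups

def annotate(groups):
    """Give every frame the fields of its whole group, keyed by frame number."""
    tree = {}
    for gid, g in enumerate(groups):
        fs = sorted(g["frames"], key=lambda f: f["t"])
        attrs = {}
        for f in fs:
            for k, v in f.items():
                if k not in ("no", "t"):
                    attrs.setdefault(k, v)
        attrs.update(group=gid, num_pdus=len(fs), complete="status" in attrs,
                     duration=round(fs[-1]["t"] - fs[0]["t"], 3))
        for f in fs:
            tree[f["no"]] = attrs
    return tree

def select(tree, pred):
    """Frame numbers whose group-level fields satisfy the filter."""
    return sorted(no for no, a in tree.items() if pred(a))

TREE = annotate(correlate(FRAMES))
print(select(TREE, lambda a: a["duration"] > 2.0))
print(select(TREE, lambda a: not a["complete"]))
```
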