Ken Kriesel wrote:
I would find it useful for there to be a specifications section in the ethereal
documentation, describing current limits of the program such as:
Number of bits of precision in byte counters for conversations, other statistics.
Maximum table size for endpoint addresses, conversations, etc.
Recommendations of minimum hardware versus speed of network to be
captured.
Also, does ethereal support error packet reporting & capture?
Ethereal could support error packet reporting from applications that
support error packet capture, if we added a mechanism to Wiretap to
provide that information from, for example, various flavors of Sniffers.
Ethereal could support error packet capture if the underlying drivers on
the OS supplied them to libpcap/WinPcap and thus to Ethereal. Those
drivers aren't under our control, so we can't make that happen. It
would also at least help if the packet capture mechanism support getting
information such as error flags (runt, CRC error, too long, etc.) from
the driver, and supplying that information to code such as libpcap
running on top of it. Getting that information to Ethereal would
involve API changes to let libpcap provide that information to its
callers, and a change to the libpcap file format (such as the pcap-NG
format:
http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html
) to store that information.
(Or, to put it another way, unlike the sorts of commercial packet
analyzers to which Windows users might be familiar, Ethereal's not a
"complete package", whose developers completely control the capture file
format and the code path for capturing all the way down to the drivers;
it's an application that runs atop existing packet capture mechanisms
and uses an existing capture format, although some of us who are
Ethereal developers are also in a position to at least *influence* the
other components, although we're not in a position to *control* them.)