Ethereal-users: Re: [ethereal-users] Ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Tue, 9 May 2000 23:04:02 -0700
On Tue, May 09, 2000 at 02:15:32PM +0100, Graham Bloice wrote:
> > I was wondering if u plan to add sort by ip?
> 
> I submitted a patch last week that allows clicking on the column heading to
> sort that column, but it hasn't been incorporated yet.

I've checked it in (along with a man page update).  (Anders should note
that the address columns are sorted as strings, rather than, for
example, by sorting IP addresses as 32-bit unsigned numbers.)

> I can send it to you if you wish.

Here's a patch against the current state of the CVS tree (which should,
for the files in question, be the same as what's in the latest Ethereal
release, 0.8.8).

It includes the man page update.
Index: AUTHORS
===================================================================
RCS file: /usr/local/cvsroot/ethereal/AUTHORS,v
retrieving revision 1.105
diff -c -r1.105 AUTHORS
*** AUTHORS	2000/04/21 01:45:58	1.105
--- AUTHORS	2000/05/10 05:56:16
***************
*** 293,298 ****
--- 293,299 ----
  Graham Bloice <graham.bloice@xxxxxxxxxxxxx> {
  	Win32 icon for Ethereal, and Win32 resource-compiler files to
  	    add version/copyright/etc. information to Win32 executables
+ 	Support for sorting columns in the summary by clicking on them
  }
  
  Ralf Schneider <ralf.schneider@xxxxxxxxxx> {

Index: doc/ethereal.pod.template
===================================================================
RCS file: /usr/local/cvsroot/ethereal/doc/ethereal.pod.template,v
retrieving revision 1.84
diff -c -r1.84 doc/ethereal.pod.template
*** doc/ethereal.pod.template	2000/04/15 22:11:26	1.84
--- doc/ethereal.pod.template	2000/05/10 05:56:19
***************
*** 247,253 ****
  temporary file will be created to hold the capture.  The location of the
  file can be chosen by setting your TMPDIR environment variable before
  starting B<Ethereal>.  Otherwise, the default TMPDIR location is
! system-dependent, but is likely either /var/tmp or /tmp.
  
  =item Display:Options
  
--- 247,253 ----
  temporary file will be created to hold the capture.  The location of the
  file can be chosen by setting your TMPDIR environment variable before
  starting B<Ethereal>.  Otherwise, the default TMPDIR location is
! system-dependent, but is likely either F</var/tmp> or F</tmp>.
  
  =item Display:Options
  
***************
*** 330,352 ****
  strip that shows the file load progress, current filter, and informational
  text.
  
  The top pane contains the list of network packets that you can scroll
! through and select.  The packet number, packet timestamp, source and
! destination addresses, protocol, and description are printed for each
! packet.  An effort is made to display information as high up the protocol
! stack as possible, e.g. IP addresses are displayed for IP packets, but the
! MAC layer address is displayed for unknown packet types.  The right
! mouse button can be used to pop up a menu of operations.
  
  The middle pane contains a I<protocol tree> for the currently-selected
  packet.  The tree displays each field and its value in each protocol
  header in the stack.  The right mouse button can be used to pop up a
  menu of operations.
  
  The lowest pane contains a hex dump of the actual packet data. 
  Selecting a field in the I<protocol tree> highlights the corresponding
  bytes in this section.
  
  A display filter can be entered into the strip at the bottom. 
  A filter for HTTP, HTTPS, and DNS traffic might look like this:
  
--- 330,372 ----
  strip that shows the file load progress, current filter, and informational
  text.
  
+ =over 6
+ 
+ =item Top Pane
+ 
  The top pane contains the list of network packets that you can scroll
! through and select.  By default, the packet number, packet timestamp,
! source and destination addresses, protocol, and description are
! displayed for each packet; the I<Columns> page in the dialog box popped
! up by I<Edit:Preferences> lets you change this (although, unfortunately,
! you currently have to save the preferences, and exit and restart
! Ethereal, for those changes to take effect).
! 
! If you click on the heading for a column, the display will be sorted by
! that column; clicking on the heading again will reverse the sort order
! for that column.
! 
! An effort is made to display information as high up the protocol stack
! as possible, e.g. IP addresses are displayed for IP packets, but the
! MAC layer address is displayed for unknown packet types.
! 
! The right mouse button can be used to pop up a menu of operations.
! 
! =item Middle Pane
  
  The middle pane contains a I<protocol tree> for the currently-selected
  packet.  The tree displays each field and its value in each protocol
  header in the stack.  The right mouse button can be used to pop up a
  menu of operations.
  
+ =item Bottom Pane
+ 
  The lowest pane contains a hex dump of the actual packet data. 
  Selecting a field in the I<protocol tree> highlights the corresponding
  bytes in this section.
  
+ =item Current Filter
+ 
  A display filter can be entered into the strip at the bottom. 
  A filter for HTTP, HTTPS, and DNS traffic might look like this:
  
***************
*** 358,363 ****
--- 378,385 ----
  Selecting the I<Reset> button clears the display filter so that all
  packets are displayed.
  
+ =back
+ 
  =item Preferences
  
  The I<Preferences> dialog lets you control various personal preferences
***************
*** 530,537 ****
  
  The I<Plugins List> shows the name, description, version and state
  (enabled or not) of each plugin found on your system. The plugins are
! searched in the following directories: B</usr/share/ethereal/plugins>,
! B</usr/local/share/ethereal/plugins> and B<~/.ethereal/plugins>
  
  A plugin must be activated using the I<Enable> button in order to use it
  to dissect packets. It can also be deactivated with the I<Disable> button.
--- 552,559 ----
  
  The I<Plugins List> shows the name, description, version and state
  (enabled or not) of each plugin found on your system. The plugins are
! searched in the following directories: F</usr/share/ethereal/plugins>,
! F</usr/local/share/ethereal/plugins> and F<~/.ethereal/plugins>
  
  A plugin must be activated using the I<Enable> button in order to use it
  to dissect packets. It can also be deactivated with the I<Disable> button.
***************
*** 741,749 ****
  
  =head1 FILES
  
! B</etc/ethers> is consulted to correlate 6-byte hardware addresses to
! names.  If an address is not found in B</etc/ethers>, the
! B<$HOME/.ethereal/ethers> file is consulted next.  Each line contains
  one hardware address and name, separated by whitespace.  The digits of
  the hardware address are separated by either a colon (:), a dash (-), or
  a period (.).  The following three lines are valid lines of an ethers
--- 763,771 ----
  
  =head1 FILES
  
! F</etc/ethers> is consulted to correlate 6-byte hardware addresses to
! names.  If an address is not found in F</etc/ethers>, the
! F<$HOME/.ethereal/ethers> file is consulted next.  Each line contains
  one hardware address and name, separated by whitespace.  The digits of
  the hardware address are separated by either a colon (:), a dash (-), or
  a period (.).  The following three lines are valid lines of an ethers
***************
*** 753,765 ****
    c0-00-ff-ff-ff-ff          TR_broadcast
    00.00.00.00.00.00          Zero_broadcast
  
! B</usr/local/etc/manuf> matches the 3-byte vendor portion of a 6-byte
  hardware address with the manufacturer's name.  The format of the file
! is the same as the B</etc/ethers> file, except that each address is
  three bytes instead of six.
  
! B</etc/ipxnets> and B<$HOME/.ethereal/ipxnets> correlate 4-byte IPX
! network numbers to names.  The format is the same as the B</etc/ethers>
  file, except that each address if four bytes instead of six. 
  Additionally, the address can be represented a single hexadecimal
  number, as is more common in the IPX world, rather than four hex octets. 
--- 775,787 ----
    c0-00-ff-ff-ff-ff          TR_broadcast
    00.00.00.00.00.00          Zero_broadcast
  
! F</usr/local/etc/manuf> matches the 3-byte vendor portion of a 6-byte
  hardware address with the manufacturer's name.  The format of the file
! is the same as the F</etc/ethers> file, except that each address is
  three bytes instead of six.
  
! F</etc/ipxnets> and F<$HOME/.ethereal/ipxnets> correlate 4-byte IPX
! network numbers to names.  The format is the same as the F</etc/ethers>
  file, except that each address if four bytes instead of six. 
  Additionally, the address can be represented a single hexadecimal
  number, as is more common in the IPX world, rather than four hex octets. 

Index: gtk/main.c
===================================================================
RCS file: /usr/local/cvsroot/ethereal/gtk/main.c,v
retrieving revision 1.117
diff -c -r1.117 gtk/main.c
*** gtk/main.c	2000/04/14 09:00:25	1.117
--- gtk/main.c	2000/05/10 05:56:24
***************
*** 830,835 ****
--- 830,898 ----
    filter_packets(&cf, NULL);
  }
  
+ /* GTKClist compare routine, overrides default to allow numeric comparison */
+ static gint
+ packet_list_compare(GtkCList *clist, gconstpointer  ptr1, gconstpointer  ptr2)
+ {
+   /* Get row text strings */
+   char *text1 = GTK_CELL_TEXT (((GtkCListRow *)ptr1)->cell[clist->sort_column])->text;
+   char *text2 = GTK_CELL_TEXT (((GtkCListRow *)ptr2)->cell[clist->sort_column])->text;
+ 
+   /* Attempt to convert to numbers */
+   double  num1 = atof(text1);
+   double  num2 = atof(text2);
+   
+   gint  col_fmt = cf.cinfo.col_fmt[clist->sort_column];
+   
+   if ((col_fmt == COL_NUMBER) || (col_fmt == COL_REL_TIME) || (col_fmt == COL_DELTA_TIME) ||
+       ((col_fmt == COL_CLS_TIME) && (timestamp_type == RELATIVE)) ||
+       ((col_fmt == COL_CLS_TIME) && (timestamp_type == DELTA))    ||
+       (col_fmt == COL_UNRES_SRC_PORT) || (col_fmt == COL_UNRES_DST_PORT) ||
+       ((num1 != 0) && (num2 != 0) && ((col_fmt == COL_DEF_SRC_PORT) || (col_fmt == COL_RES_SRC_PORT) ||
+                                       (col_fmt == COL_DEF_DST_PORT) || (col_fmt == COL_RES_DST_PORT))) ||
+       (col_fmt == COL_PACKET_LENGTH)) {
+ 
+     /* Compare numeric column */
+ 
+     if (num1 < num2)
+       return -1;
+     else if (num1 > num2)
+       return 1;
+     else
+       return 0;
+   }
+   
+   else {
+     
+     /* Compare text column */
+     if (!text2)
+       return (text1 != NULL);
+ 
+     if (!text1)
+       return -1;
+ 
+     return strcmp(text1, text2);
+   }
+ }
+ 
+ /* What to do when a column is clicked */
+ static void 
+ packet_list_click_column_cb(GtkCList *clist, gint column, gpointer data)
+ {
+   if (column == clist->sort_column) {
+     if (clist->sort_type == GTK_SORT_ASCENDING)
+       clist->sort_type = GTK_SORT_DESCENDING;
+     else
+       clist->sort_type = GTK_SORT_ASCENDING;
+   }
+   else {
+     clist->sort_type = GTK_SORT_ASCENDING;
+     gtk_clist_set_sort_column(clist, column);
+   }
+ 
+   gtk_clist_sort(clist);
+ }
+ 
  /* What to do when a list item is selected/unselected */
  static void
  packet_list_select_cb(GtkWidget *w, gint row, gint col, gpointer evt) {
***************
*** 1632,1644 ****
  
    packet_list = gtk_clist_new_with_titles(cf.cinfo.num_cols, cf.cinfo.col_title);
    gtk_container_add(GTK_CONTAINER(pkt_scrollw), packet_list);
!   gtk_clist_column_titles_passive(GTK_CLIST(packet_list));
    set_plist_sel_browse(prefs->gui_plist_sel_browse);
    pl_style = gtk_style_new();
    gdk_font_unref(pl_style->font);
    pl_style->font = m_r_font;
    gtk_widget_set_style(packet_list, pl_style);
    gtk_widget_set_name(packet_list, "packet list");
    gtk_signal_connect(GTK_OBJECT(packet_list), "select_row",
      GTK_SIGNAL_FUNC(packet_list_select_cb), NULL);
    gtk_signal_connect(GTK_OBJECT(packet_list), "unselect_row",
--- 1695,1709 ----
  
    packet_list = gtk_clist_new_with_titles(cf.cinfo.num_cols, cf.cinfo.col_title);
    gtk_container_add(GTK_CONTAINER(pkt_scrollw), packet_list);
!   
    set_plist_sel_browse(prefs->gui_plist_sel_browse);
    pl_style = gtk_style_new();
    gdk_font_unref(pl_style->font);
    pl_style->font = m_r_font;
    gtk_widget_set_style(packet_list, pl_style);
    gtk_widget_set_name(packet_list, "packet list");
+   gtk_signal_connect (GTK_OBJECT (packet_list), "click_column",
+     GTK_SIGNAL_FUNC(packet_list_click_column_cb), NULL);
    gtk_signal_connect(GTK_OBJECT(packet_list), "select_row",
      GTK_SIGNAL_FUNC(packet_list_select_cb), NULL);
    gtk_signal_connect(GTK_OBJECT(packet_list), "unselect_row",
***************
*** 1660,1665 ****
--- 1725,1731 ----
    gtk_widget_set_usize(packet_list, -1, pl_size);
    gtk_signal_connect_object(GTK_OBJECT(packet_list), "button_press_event",
      GTK_SIGNAL_FUNC(popup_menu_handler), gtk_object_get_data(GTK_OBJECT(popup_menu_object), PM_PACKET_LIST_KEY));
+   gtk_clist_set_compare_func(GTK_CLIST(packet_list), packet_list_compare);
    gtk_widget_show(packet_list);
  
    /* Tree view */