Ethereal-users: Re: [Ethereal-users] Protocol resolution and absolute time

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Tue, 24 Oct 2000 12:17:17 -0700 (PDT)

> I'm trying to create a summary text dump from a Net X-Ray .cap file that
> consistently resolves the PROTOCOL field in an Ethernet packet.
> 
> What I mean is that sometimes Ethereal resolves well-known TCP protocols
> like HTTP or FTP or UDP protocols like SNMP, and sometimes (perhaps only
> for not-well-known protocols) it doesn't.  I'd prefer that it always say
> "TCP", "UDP", "ICMP", etc. for the protocol field and let ME do the
> resolution based on the port number.  Is this possible?

That depends on what you mean by "do the resolution".

If by "let ME do the resolution" you mean "don't dissect any protocol at
a higher level than TCP/UDP/ICMP", you can do that with the latest
version of Ethereal by selecting "Edit->Protocols" and clicking on all
protocols other than the link-layer, network layer, and transport layer
protocols, which disables all the protocols on which you click, and then
click "OK".

This is perhaps an inconvenient way to do it, but it's the only way to
do it....

> Also, it seems like the "Absolute time" display doesn't include the
> date. I know the date is in the .cap file, and the man page advertises
> the date should be displayed, but I can't get it.  Is this a bug?

No, it's a feature, i.e. it's intentional.  (You may note that the
option to select it from "Display->Options" says "Time of day".)  A
separate option to give date and time might be useful, but, in many
(most, I suspect) situations, the date wouldn't be useful, and would
take up extra space in the display, so I wouldn't want it to *always*
display the date as well as the time.