Hey all,
I looked through the man page and the TODO list (found out that changing the
protocols in the capture stats window is in the TODO list), but didn't find
what I was looking for.
The protocol statistics that give protocol-specific percentages are quite
useful, and would be *very* useful if ethereal could run infinitely.
Suppose all the actual packets went to /dev/null, but the packet-type
statistics were still kept. Makes a very handy long-term protocol analysis
tool (the age-old Network General Sniffer did this, although it wasn't that
great for protocol break-down).
It would, of course, be even better if in addition to the number of packets
(and percentages), the number of bytes (and percentages) were listed. Thus
an estimate of total bandwidth usage could be created.
Anyway, some of those things on my wish list involve stuff already on the
TODO list, such as modification of the protocols and counters in the
statistics window (if I wanted to hack them by hand, which file are those
in?).
But I figured the infinite scan could be done by redirecting the packet
output to /dev/null. However when I did this, ethereal blew away the
/dev/null device and created a regular file in its place with the packet
data in it.
Comments? Suggestions?
--J