Ethereal-users: RE: [Ethereal-users] Customized Front End

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "McNutt, Justin M." <McNuttJ@xxxxxxxxxxxx>
Date: Wed, 28 Feb 2001 15:09:34 -0600
> > At the moment, ethereal can do the filtering, however,
> > I have to look at the parameter of interest frame by
> > frame.  Is there any way to specify the parameters
> > within, and line them as a table?
> > 
> > It seems I may not be able to avoid programming using
> > libpcap to fulfill this requirement.  Or have I missed
> > out something?  Appreciate your comments on this.
> 
> Ethereal currently has no way to do this, although
> some generic facility for dumping fields would probably
> be a useful addition to Ethereal.
> 
> My suggestion would be to dump out a full decode to
> a text file (either with Ethereal "print to file", or
> tethereal -V) and write some code to parse that file
> and convert it to whatever format (CSV?) that you need.

This is how we do it here.  We use:

tethereal -V [-x] -r capture.file

(sometimes we need the whole hex dump of the packet), and then run all the
output through Perl scripts to get what we need.  Works great.

Then Perl can be used to generate Gnuplot command files, and then you can
call Gnuplot from within Perl like so:

system("gnuplot graph.this");

The end result?  If the last three lines of your Gnuplot file are:

set terminal png color
set output "picture.png"
replot

Then you get stuff like this:  http://nin.iats.missouri.edu/~mcnuttj

Between tethereal, perl, and gnuplot, I write a lotta scripts, but it still
saves Mizzou Telecom boatloads of money on commercial apps (that tend to do
less...).

--J
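
The parsing step described in the message above, as an added example that is not part of the original post or the poster's own scripts: it turns a text decode into one CSV row per frame. The sample decode is constructed and assumes the "tethereal -V" layout of unindented protocol headers followed by indented "Label: value" lines; the column list is a hypothetical choice.

```perl
use strict;
use warnings;
# Constructed sample, assumed to follow the "tethereal -V" layout:
# unindented protocol headers, indented "Label: value" fields.
my $sample = <<'END';
Frame 1 (74 on wire, 74 captured)
    Arrival Time: Feb 28, 2001 15:09:34.1234
    Frame Number: 1
Internet Protocol
    Source: 10.0.0.1 (10.0.0.1)
    Destination: 10.0.0.2 (10.0.0.2)
Transmission Control Protocol, Src Port: 1025 (1025), Dst Port: 80 (80)
    Destination port: 80 (80)

Frame 2 (60 on wire, 60 captured)
    Arrival Time: Feb 28, 2001 15:09:34.2345
    Frame Number: 2
Internet Protocol
    Source: 10.0.0.2 (10.0.0.2)
    Destination: 10.0.0.1 (10.0.0.1)
END
# Columns are "Protocol/Label" because a label such as "Destination"
# occurs under more than one protocol in the same frame.
my @columns = ('Frame/Frame Number', 'Frame/Arrival Time',
    'Internet Protocol/Source', 'Internet Protocol/Destination',
    'Transmission Control Protocol/Destination port');
# CSV-quote a value; missing fields (frame 2 has no TCP) become "".
sub csv_field {
    my $v = defined $_[0] ? $_[0] : '';
    $v =~ s/"/""/g;
    return qq("$v");
}

open my $fh, '<', \$sample or die "cannot read sample: $!";
my (@frames, $section);
while (my $line = <$fh>) {
    chomp $line;
    next if $line =~ /^[0-9a-f]{4}\s/;          # hex dump rows added by -x
    if ($line =~ /^Frame \d+/) {                # start of a new packet
        push @frames, {};
        $section = 'Frame';
    } elsif ($line =~ /^(\S[^,]*)/) {           # protocol header line
        ($section = $1) =~ s/\s+$//;
    } elsif (@frames && $line =~ /^\s+([^:]+):\s*(.*)$/) {
        $frames[-1]{"$section/$1"} //= $2;      # keep first value seen
    }
}
# Header row first, then one row per frame built with a hash slice.
for my $row (\@columns, map { [ @{$_}{@columns} ] } @frames) {
    print join(',', map { csv_field($_) } @$row), "\n";
}
```

To read a real decode, replace the in-memory open with a file handle on the saved output. If a later step passes a file name derived from parsed data to Gnuplot, the list form `system("gnuplot", $file)` hands the name to the program directly instead of through a shell.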