Ethereal-users: Re: [Ethereal-users] New to ethereal; time based filtering?; VOIP features?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Wed, 1 Aug 2001 00:58:50 -0700

On Wed, Aug 01, 2001 at 12:34:19AM -0700, David Kuder wrote:
> I took a look through the documentation
> and I don't see any way to get packets in a time range
> filtered.

There's no *specific* feature for filtering for time; however, you can
filter on any named field in packets, and one named field (it's in the
man page, but there's a *huge* list of filtered fields, so it may be
hard to find) is "frame.time", which is the time when the frame arrived.

A filter to check for packets in a time range would look something like

	frame.time >= "Aug 1, 2001 00:52:34" && 
	    frame.time <= "Aug 1, 2001 00:55"

(no, leaving the date out isn't currently supported; it just uses
"strptime()" to parse the date - yes, it might be nice, but nobody's
written the code for that yet).

> I'm picking apart RTP streams containing voice calls.  One
> thing that would be very useful would be to be able to pull
> the RTP payload out (like the TCP stream) and deal with it
> as audio, either playing it or saving it as a file.  Is there
> a plugin or newer version that might do that?

No.  That sort of feature has frequently been asked for, but it'd be a
fair bit of work to implement (for all the various protocols for which
people have asked for it), and nobody's done it yet.

The current plugin mechanism only supports plugging new protocol
dissectors in, so a plugin couldn't do that in any case.

> Other useful things for RTP would be sequence checks, looking
> for drops and measuring jitter.  Somehow I don't think those
> are available but I would like to be pleasantly surprised.

Nope, not available.  A mechanism for adding a second type of plugin has
been discussed, and we will probably implement it at some point; it
would probably allow the implementation of what I think some other
dissectors call "experts", which are modules that can look for
networking problems by looking at the packet contents.  Of course,
implementing the mechanism doesn't automatically implement the
experts....

(It might be interesting to see if it could be made possible to
implement that second type of plugin in scripting languages, e.g. Perl,
Python, Ruby, etc. - heck, maybe even Visual Basic in the Windows
version, or one of the various VB clones for UNIX.)
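
Added example (not part of the original message, and not Ethereal code): the RTP sequence, drop and jitter checks asked about above, written in Python with the RFC 3550 interarrival jitter estimator and run over constructed packets. The 8 kHz clock, the function names and the sample packets are assumptions made for the illustration.

```python
import struct

CLOCK_HZ = 8000  # assumption: 8 kHz RTP clock (typical for narrowband voice)

def parse_rtp(payload):
    """Return (seq, timestamp, ssrc) from the 12-byte RTP fixed header."""
    if len(payload) < 12:
        raise ValueError("short RTP header")
    b0, _pt, seq, ts, ssrc = struct.unpack("!BBHII", payload[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    return seq, ts, ssrc

def analyze(packets):
    """packets: (arrival_seconds, udp_payload) pairs for one RTP stream.
    Returns (lost, late_or_duplicate, jitter_seconds)."""
    lost = late = 0
    jitter = 0.0
    prev_seq = prev_transit = None
    for arrival, payload in packets:
        seq, ts, _ssrc = parse_rtp(payload)
        transit = arrival * CLOCK_HZ - ts      # clock ticks; 32-bit ts wrap not handled
        if prev_seq is not None:
            delta = (seq - prev_seq) & 0xFFFF  # survives 16-bit wraparound
            if delta == 0 or delta >= 0x8000:
                late += 1                      # simplification: skip these
                continue
            lost += delta - 1                  # gap in sequence numbers
            d = abs(transit - prev_transit)
            jitter += (d - jitter) / 16.0      # RFC 3550 estimator
        prev_seq, prev_transit = seq, transit
    return lost, late, jitter / CLOCK_HZ

def make_rtp(seq, ts):
    """Build a constructed RTP header: version 2, payload type 0."""
    return struct.pack("!BBHII", 0x80, 0, seq, ts, 0x1234ABCD)

# Constructed sample: 20 ms packets, one 5 ms late, seq 1 missing, one duplicate
SAMPLE = [
    (0.000, make_rtp(65534, 0)),
    (0.020, make_rtp(65535, 160)),
    (0.045, make_rtp(0, 320)),
    (0.080, make_rtp(2, 640)),
    (0.085, make_rtp(2, 640)),
]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```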