Hi,
I have been using ethereal a bit and think it is a great tool. However, I want to use it for a problem for which I haven't found a solution yet.
I would like to create time series of certain protocol fields. Basically this is already supported, but I would like to do it in a more generic way. The idea is that this would provide the possibility to combine (in an easy way) lots of powerful Unix tools with the powerful ethereal dissection engine.
In a very simple case, what I would like to do is to query tethereal to output all TCP source and destination port numbers (together with time and frame number). Or to query tethereal to output all HTTP (GET) User-Agents. Or to query tethereal to output all IP total sizes. This should then be printed in the form No; Timer; src port, dst port - or - No; Timer; http user agent - or - etc. I guess you got it.
I know that it is possible to define some columns and then to print a summary. But this doesn't allow selecting all fields from other protocols.
Basically, what tethereal needs (as an option) is a way to tell it which fields it should output per protocol (and in what way, i.e. as one line).
e.g. tethereal -d "frame [no, time delta] http [ User-Agent ]" -R http
tethereal -d "frame [no, time delta] tcp [ src port, dst port ]" -R tcp
What is missing is the -d option :-) (I think it is straightforward what it means -- which protocol level and then which sub-fields of the protocol.)
Have I missed something in ethereal's functionality, or is a plugin for this available, or is it planned to provide something like this?
If this is not available yet, maybe you can point me to a few places in the source where I would have to fit in this function.
I think it would really be useful, as it opens up a lot of possibilities to post-process the output of tethereal.
Best Regards,
/Roger
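The workflow asked for above, as an added example that is not part of the original post or of the Ethereal project: it assumes a current tshark (the successor of tethereal), whose `-T fields -e <field>` options do what the proposed `-d` option describes, and pipes the per-packet, one-line-per-frame output into ordinary awk/sort. The tshark wrappers need a capture file; the post-processing functions are exercised on constructed sample output embedded in the script, so it runs without one.

```shell
#!/bin/sh
# Added example, not from the original post or the Ethereal/Wireshark project.
# Assumes a current tshark: "-T fields -e <field>" selects the fields per packet,
# "-E separator=';'" gives the "No; Timer; ..." layout, "-E header=y" adds a header.

# frame number; time delta; TCP src port; TCP dst port, one line per TCP packet.
tcp_ports_fields() {
    tshark -r "$1" -Y tcp -T fields -E header=y -E separator=';' \
        -e frame.number -e frame.time_delta -e tcp.srcport -e tcp.dstport
}

# frame number; absolute time; IP total length, one line per IP packet.
ip_len_fields() {
    tshark -r "$1" -Y ip -T fields -E header=y -E separator=';' \
        -e frame.number -e frame.time_epoch -e ip.len
}

# Post-processing with plain Unix tools, reading the ';'-separated lines on stdin.
# Most frequent destination ports first: "<count> <port>". NR > 1 skips the header.
top_dst_ports() {
    awk -F';' 'NR > 1 { c[$4]++ } END { for (p in c) print c[p], p }' | sort -rn
}

# Time series: IP bytes per one-second bucket, "<epoch second> <bytes>".
bytes_per_second() {
    awk -F';' 'NR > 1 { s[int($2)] += $3 } END { for (t in s) print t, s[t] }' | sort -n
}

# Constructed sample output (the shape tcp_ports_fields / ip_len_fields produce),
# so the post-processing can be run without a capture file or tshark installed.
SAMPLE_TCP='frame.number;frame.time_delta;tcp.srcport;tcp.dstport
1;0.000000;51234;80
2;0.000120;80;51234
3;0.010000;51235;443
4;0.000050;51236;80'

SAMPLE_IP='frame.number;frame.time_epoch;ip.len
1;1000.10;60
2;1000.70;1500
3;1001.20;40
4;1002.90;1500
5;1002.95;60'

printf '%s\n' "$SAMPLE_TCP" | top_dst_ports
printf '%s\n' "$SAMPLE_IP" | bytes_per_second
```

On a real capture the same pipeline is `tcp_ports_fields capture.pcap | top_dst_ports`; any further dissected field (for example `-e http.user_agent` with `-Y http.request`) can be added with another `-e` and consumed the same way.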