Ethereal-users: Re: [Ethereal-users] Ethereal summary format

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Thu, 4 Apr 2002 16:59:02 -0800

On Thu, Apr 04, 2002 at 06:41:29PM -0600, George Sanderson wrote:
> 2) Add a column for the packet size.
> 
>    This would enable utilization (bytes/seconds) to be calculated.

The summary output format is not fixed; it's specified by an item in the
configuration file.

You can select "Columns" from the dialog box popped up by the
"Preferences" item in the "Edit" menu, and modify the list of columns.

The UI is a bit clumsy, but to add a packet size field, you'd

	type the title you want for that column in the "Column title:"
	field;

	select "Packet length (bytes)" from the "Column format:" item;

	click "New";

	use "Up" or "Down" to move that field to the position you want.

Then click "Save" and then click "OK".  Ethereal won't update the
display, but if you exit Ethereal and re-start it, it'll use the new
columns, and Tethereal will also use those columns.

So there's no need to change the default; people who want that column
can add it if they choose.

> 3) Always include the source and destination layer 3 socket addresses,
>    if they are available.

By "source and destination layer 3 socket addresses" do you mean
network layer addresses, such as the IPv4 source and destination
addresses for IPv4 packets, the IPv6 source and destination addresses
for IPv6 packets, and so on?

If so, those are displayed by columns with a "Column format" value of
"Source address" and "Destination address" (which might display the name
rather than the raw address, if you've enabled address-to-name
resolution and the names could be found by Ethereal), "Src addr
(resolved)" and "Dest addr (resolved)" (which might display the name
rather than the raw address, if the names could be found by Ethereal,
regardless of whether you've enabled address-to-name resolution), and
"Src addr (unresolved)" and "Dest addr (unresolved)" (which never
display the name).

By default, the "Source" column is of type "Source address" and the
"Destination" column is of type "Destination address", so we *do*
include the source and destination network host or address.

Those fields will display lower-level addresses if no network-layer
address can be found.

As such, I'm not sure what you mean by "always include the source and
destination layer 3 socket addresses".  Do you mean "always show them as
addresses, rather than as names"?  If so, then use the "(unresolved)"
form.

Or do you mean "display nothing if the network layer addresses aren't
available"? If so, then use "Network src addr"/"Network dest addr", "Net
src addr (resolved)"/"Net dest addr (resolved)", or "Net src addr
(unresolved)"/"Net dest addr (unresolved)".

To change a column's format, select the column in the "Columns" item
described above, change the title and/or the format, and click "Change",
then do "Save", "OK", and exit and re-start Ethereal, as per the above.

>    This would enable other methods to cross check the protocol type and
>    to identify client application port allocation practices.

Layer 3 (i.e., network layer) addresses aren't port numbers.

If you meant "port numbers", those are layer 4 (transport layer), not
layer 3 (network layer).  Those can also be added as columns; the
"Column format:" values would be "Source port"/"Destination port",
"Source port (resolved)"/"Destination port (resolved)", or "Source port
(unresolved)"/"Destination port (unresolved)".  "Resolved" and
"unresolved" refer to resolving port numbers to names using
"getservbyname()" (using "/etc/services", or the appropriate NIS map, or
whatever the OS's "getservbyname()" does); transport-layer "address"
(port) resolution can be turned on or off, just as network-layer address
resolution can.
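
Added example, not part of the original message and not Ethereal project code: once a "Packet length (bytes)" column has been added as described above, the bytes/second figure from the quoted request can be computed from the summary lines. The column layout, the sample lines and the function names below are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of summary lines, assuming the columns were configured as:
# No., Time (relative seconds), Src addr (unresolved), Dest addr (unresolved),
# Protocol, Packet length (bytes), Info. This layout is an assumption.
SAMPLE = """\
  1   0.000000 10.0.0.5 -> 10.0.0.9 TCP 74 1025 > 80 [SYN]
  2   0.250000 10.0.0.9 -> 10.0.0.5 TCP 74 80 > 1025 [SYN, ACK]
  3   0.500000 10.0.0.5 -> 10.0.0.9 TCP 1514 1025 > 80 [PSH, ACK]
  4   2.000000 10.0.0.5 -> 10.0.0.9 TCP 1412 1025 > 80 [PSH, ACK]
this line is not a packet summary
"""

# The "->" between the address columns is treated as optional.
LINE = re.compile(
    r"^\s*(?P<no>\d+)\s+(?P<time>\d+\.\d+)\s+(?P<src>\S+)\s+(?:->\s+)?"
    r"(?P<dst>\S+)\s+(?P<proto>\S+)\s+(?P<length>\d+)(?:\s+(?P<info>.*))?$"
)

def parse(text):
    """Yield (time, src, dst, length) for each line that matches the layout."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            yield float(m["time"]), m["src"], m["dst"], int(m["length"])

def utilization(text):
    """Return (overall bytes/second, {(src, dst): total bytes})."""
    packets = list(parse(text))
    if not packets:
        return 0.0, {}
    per_flow = defaultdict(int)
    for _, src, dst, length in packets:
        per_flow[(src, dst)] += length
    times = [p[0] for p in packets]
    span = max(times) - min(times)
    total = sum(per_flow.values())
    # A single packet (or identical timestamps) has no measurable interval.
    rate = total / span if span > 0 else 0.0
    return rate, dict(per_flow)

if __name__ == "__main__":
    rate, flows = utilization(SAMPLE)
    print(f"{rate:.1f} bytes/second")
    for (src, dst), nbytes in sorted(flows.items()):
        print(f"{src} -> {dst}: {nbytes} bytes")
```

The parser expects unresolved addresses; resolved names that contain spaces would not fit the whitespace-separated layout assumed here.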