Ethereal-users: Re: [Ethereal-users] Wouldn't it be cool if....

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Wed, 17 Apr 2002 13:57:13 -0700
On Wed, Apr 17, 2002 at 09:17:54PM +0100, Alistair.McGlinchy@xxxxxxxxxxxxxxxxxxxxx wrote:
> 1) [T]Ethereal had a trace summary option: 
> E.g. number of packets, bytes in trace, trace duration, start time, trace file
> format, trace quality.

Well, the "Summary" item under the "Tools" menu gives you:

	a count of the packets in the trace (and a count of the packets
	currently being displayed);

	a count of the bytes in the trace;

	elapsed time of trace;

	the trace file format.

The start time isn't saved in all trace file formats - and libpcap
format, which is Ethereal's native format, is one that doesn't save it -
so it could only give you the time stamp of the first packet.

I don't know what "trace quality" means, so I don't know whether it'd
even be possible for Ethereal to provide it.

> 2) Editcap's flags were tidied up a bit. 
> Input Files
> 	ethereal [-r] file # optional flag -r 
> 	tethereal -r file  # mandatory -r 

If "-r" were mandatory in Ethereal, Ethereal wouldn't work well as the
program for particular file types in certain GUIs, i.e.  "run Ethereal
when you double-click or click this file" (I think that problem
originally showed up in Windows; I forget whether it was a problem in
KDE as well).

If "-r" were optional in Tethereal, how would you distinguish

	tethereal tcp

meaning "capture TCP traffic and print summary lines for it" (for
compatibility with tcpdump and snoop) from

	tethereal tcp

meaning "read a capture file named 'tcp'"?

(Yes, I consider tcpdump/snoop compatibility important.)

> 3) There was a portable default config file containing such options as:
>  - Whether to default to promiscuous or non promiscuous mode when tracing.
>  - Whether to enable name resolution
>  - Which timestamp to use.  
>  - Which display column settings to use
> Such a config file would be handy for site installs.

There is.  Ethereal reads, if present, a "preferences" file in the
"installation" directory (on Windows, it's the directory the Ethereal
binary is in; on UNIX, it's the directory the package was configured to
be installed in), just as it reads a "preferences" file in the
appropriate directory for personal preferences.

> 4) Editcap could read tethereal -V output to recreate a trace file.

"tethereal -V" output doesn't necessarily contain enough of the raw data
to *allow* it to recreate the trace file.
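
The point above about libpcap files not recording a capture start time, as an added example that is not part of the original message or of Ethereal's code: a small reader for the classic little-endian libpcap layout that derives the summary fields discussed (packet count, byte count, elapsed time, file format) and can only report the first packet's time stamp. The function names and the three-packet sample capture are constructed for illustration.

```python
import io
import struct

# Global header: magic, version, thiszone, sigfigs, snaplen, link type; no start-time field.
GLOBAL_HDR = struct.Struct("<IHHiIII")
# Per-packet record header: ts_sec, ts_usec, captured length, original length.
RECORD_HDR = struct.Struct("<IIII")
MAGIC_USEC = 0xA1B2C3D4


def summarize_pcap(stream):
    """Return the summary fields derivable from a classic libpcap file."""
    raw = stream.read(GLOBAL_HDR.size)
    if len(raw) < GLOBAL_HDR.size:
        raise ValueError("truncated global header")
    magic, major, minor, _zone, _sigfigs, snaplen, linktype = GLOBAL_HDR.unpack(raw)
    if magic != MAGIC_USEC:
        raise ValueError("not a little-endian microsecond libpcap file")
    packets = captured = 0
    first = last = None
    while True:
        raw = stream.read(RECORD_HDR.size)
        if not raw:
            break
        if len(raw) < RECORD_HDR.size:
            raise ValueError("truncated record header")
        sec, usec, incl_len, _orig_len = RECORD_HDR.unpack(raw)
        if incl_len > snaplen or len(stream.read(incl_len)) != incl_len:
            raise ValueError("bad or truncated packet record")
        ts = sec + usec / 1_000_000
        first = ts if first is None else first  # only time reference available
        last = ts
        packets += 1
        captured += incl_len
    return {"format": f"libpcap {major}.{minor}", "linktype": linktype,
            "packets": packets, "bytes": captured, "first_packet_time": first,
            "elapsed": 0.0 if first is None else last - first}


def build_sample():
    """Constructed capture: three zero-filled frames with made-up time stamps."""
    out = GLOBAL_HDR.pack(MAGIC_USEC, 2, 4, 0, 0, 65535, 1)
    for sec, usec, size in [(1019077033, 0, 60), (1019077034, 500000, 74), (1019077036, 250000, 60)]:
        out += RECORD_HDR.pack(sec, usec, size, size) + bytes(size)
    return io.BytesIO(out)


if __name__ == "__main__":
    print(summarize_pcap(build_sample()))
```
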