["Giles Coochey" <giles.coochey@xxxxxxxxxxxxxxxxxxxx>]

"ping 224.0.0.99" is nice example, (multicast address used here, but you
can choose any address to identify your traffic, use something that will
not traverse your firewall though, then use something like the following
filter:

(icmp && ip.addr == 224.0.0.99) 

to locate the traffic and then clear the filter with the appropriate
packet selected.

-----Original Message-----
From: Bernd Becker [mailto:bb@xxxxxxxxxxxxxxx] 
Sent: 16 June 2003 15:51
To: ethereal-users@xxxxxxxxxxxx
Subject: Re: [Ethereal-users] Feature request


What I sometimes do is to generate a "marker" packet by performing some
action that generates some real network traffic. It should be something
that is very unlikely to appear during "normal" operation and that you
can easily search for in the capture later on. This has the advantage
that the user does not have to interact with ethereal and it doesn't
even have to run on the user's machine. An http access to some special
(none existant) URL on a local webserver may do the job. You could even
embed a comment or counter in the URL.

Cheers,
Bernd
---
Bernd Becker


--On Monday, June 16, 2003 12:01:31 +0200 "spam@xxxxxxxx"
<spam@xxxxxxxx> 
wrote:

> I hope this is the proper forum for a suggested feature request? If 
> not, perhaps I can at least get some comments on whether this is 
> considered a useful feature for more users before I post to the -dev 
> list.
>
> In the ethereal GUI an active logging session has a smaller pop-up 
> window displaying the number of packets received and a "stop" button. 
> I would like to have another button (e.g. named "Mark") that enables 
> me to insert a fake marker packet into the log. This means that I can 
> trace a socket over time and mark periods of waiting for the server, 
> as opposed to normal periods of inactivity.
>
> Example:
> A database front-end is perceived as "hanging" at times by the end 
> users. It is not clear whether this is a client app problem or a 
> server response issue. A network trace shows large deltas at times, 
> but some of these are normal periods of network inactivity, others are

> periods of waiting for a result set. It is not easy to filter these as

> the application may have many connections open in parallel. A solution

> could be to install Ethereal on a test client machine together with 
> the application and have a user work on this for a day or two, 
> pressing the "Mark" button when s/he feels there is a problem. This 
> log, compared with datetime stamps from app log and server log, should

> show exactly what was going on in the problem periods - even if there 
> are several problems related to network activity.
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx 
> http://www.ethereal.com/mailman/listinfo/ethereal-users
 

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users

Attachment: smime.p7s
Description: S/MIME cryptographic signature