I realize
#1 - So-called Expert Reporting in commercial packet capture apps is only as good as what the network administrator sets the parameters to (based on his own network). In Fluke Protocol Expert, for example, it flags packets with ack time longer than 200 ms using red background color and white text. However, this default setting is not appropriate for my WAN as most of my PIX to PIX VPNs have ACK time around 200ms, as expected.
#2 - Some of the parameters in Protocol Expert's expert reporting _are_ very useful for me. I was performing a packet capture from a Stratus Continuum trying to resolve many issues, and one of the things that Protocol Expert immediately detected was IP Checksum errors from the Stratus. I realize in Ethereal I can set a display color filter to make these kinds of issues easier to spot. There are so many items that can be displayed in Ethereal with various color combinations, I suppose one could build their own "Expert Reporting" so to speak. No? In one sense Ethereal makes it very easy (although time consuming) to build as many color-based flagging parameters as I want. The nice thing about Protocol Expert, Sniffer, and Etherpeek is that they give you a summary pane showing you all the "expert" flags, so theoretically even after I've tweaked the expert system, I still benefit from that summary pane. In Ethereal I guess it would be more geared around creating various color-coded "warnings" for different parameters since there is no summary pane based on number of "red" flags vs. "blue" flags.
Has anyone tried making their own Expert-like system in Ethereal?
Regards,
Mark
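
The two flags discussed in the message above (IP header checksum errors and ACK time over a tunable threshold), counted per category the way a summary pane would, as an added example that is not part of the original post and is not code from Ethereal or Protocol Expert. The packet tuples, addresses and function names are constructed for illustration; the checksum test is the standard RFC 1071 one's-complement sum.

```python
import struct
from collections import Counter

def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 16-bit one's-complement sum over an even-length buffer."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def ip_checksum_ok(header: bytes) -> bool:
    # A valid IPv4 header sums to 0xFFFF when the checksum field is included.
    return ones_complement_sum(header) == 0xFFFF

def make_header(src: bytes, dst: bytes, corrupt: bool = False) -> bytes:
    """Constructed 20-byte IPv4 header (protocol 6, TCP) for the sample data."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0, src, dst))
    csum = ~ones_complement_sum(bytes(hdr)) & 0xFFFF
    struct.pack_into("!H", hdr, 10, csum ^ (0x0101 if corrupt else 0))
    return bytes(hdr)

def expert_summary(packets, ack_threshold_ms=200.0):
    """Count flags per category, like the summary pane the post describes."""
    flags, pending = Counter(), {}
    for ts, hdr, seq, length, ack in packets:
        src, dst = hdr[12:16], hdr[16:20]
        if not ip_checksum_ok(hdr):
            flags["ip_checksum_error"] += 1
        # Does this packet acknowledge data sent earlier in the other direction?
        sent = pending.pop((dst, src, ack), None)
        if sent is not None and (ts - sent) * 1000 > ack_threshold_ms:
            flags["slow_ack"] += 1
        if length:  # remember when this data was sent and which ACK covers it
            pending[(src, dst, seq + length)] = ts
    return dict(flags)

A, B = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
# Constructed capture: (timestamp_s, ip_header, tcp_seq, payload_len, tcp_ack)
SAMPLE = [
    (0.000, make_header(A, B), 1000, 100, 1),
    (0.210, make_header(B, A), 1, 0, 1100),           # ACK after 210 ms
    (0.300, make_header(A, B, corrupt=True), 1100, 50, 1),
    (0.320, make_header(B, A), 1, 0, 1150),           # ACK after 20 ms
]

if __name__ == "__main__":
    print(expert_summary(SAMPLE))          # default 200 ms threshold
    print(expert_summary(SAMPLE, 250.0))   # threshold raised for a slower WAN
```

Raising `ack_threshold_ms` removes the slow-ACK flag for links where roughly 200 ms is normal, while the checksum flag is unaffected.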