Folks:
I'm new to Ethereal. Is this a good forum for discussing/requesting enhancements
to Ethereal? If not, I apologize for the interruption.
I've recently started playing with Ethereal - it's a great tool. But I have some
comments for making it easier for first time folks to use:
1) One of my biggest frustrations when I first started using the program was the
fact that you can enter an invalid capture filter expression. Then you start a
capture, and you're confronted with a "Sorry, that's wrong..." message.
It would be very nice to have Ethereal run this string through the tcpdump
parser right when you enter it, so they could be assured that it'll work "first
time". This should happen in the Capture... window, or when specifying capture
filters.
2) As an additional enhancement, it would be great for Ethereal to attempt to
convert a (simple) display filter expression to a capture filter.
If there were a straightford translation (e.g., "IPaddress==192.168.1.1" goes to
"host 192.168.1.1") Ethereal would do the following:
- Place the converted capture filter string in the Capture Filter: window.
- Momentarily display a small "Converting from Display to Capture format..."
Obviously, if there isn't a way to express the expression as a capture filter,
Ethereal would put up an error ("Expression is not legal capture filter. Read
the doc's...")
3) It might even be enough just to special case a few common/simple display
expressions, such as "ipaddress==..." and "tcp.port==...", as this is what
first-time users will use. If they need fancy expressions, then they will (of
course) need to learn about the tcpdump facilities.
4) The documentation refers the reader to the tcpdump page for detailed
information about capture filters. I imagine that the tcpdump filter format is
sufficiently stable that it would be worth incorporating it into the Ethereal
help page.
Thanks for listening!
Rich Brown
Hanover, NH