Wireshark · Ethereal-dev: Re: [ethereal-dev] Changes/Suggestions...?

Ethereal-dev: Re: [ethereal-dev] Changes/Suggestions...?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Gilbert Ramirez Jr." <gram@xxxxxxxxxxxxxxxxxxx>

Date: Tue, 5 Jan 1999 10:37:53 -0600 (CST)

As Peter Hawkins said:
> 
> 1) The UI.

I have a couple UI suggestions as well. I'd like to be able to open
multiple capture files at the same time. Also, when I'm looking at packets,
I sometimes find one that's really interesting. What I'd like to be able to
do is drag the tree-analysis and hexdump of that packet off to the side
into it's own floating window, and continue looking at packets in the main
window(s).

> 2) Additional functionality...
> Add a simple progress bar type network load indicator in the sniffing
> statistics area. So at any given moment I can tell my network is at X%

using threads, right?

> For the TCP stream analysis, do everything as essentially a list,
> listing packet info, direction and contents, etc. so I could view a POP
> connection like this:

Do you mean show have a window like the packet list window, except instead of
showing one packet per line, show one TCP read/write per line? We could
do this for all connection-oriented protocols (e.g., SPX).

> BTW, how does ethereal avoid sniffing it's own DNS packets from reverse
> DNS lookups? I'm interested in how this is done.

it captures and decodes in separate steps, not at the same time.
 
> 4) An issue kindof seperate from the actual sniffer proper, but I'd like
> context-sensitive help for packet fields. I want to be able to press f1
> while the TCP receive window field is selected and to get a nice verbose
> description on what the TCP receive window is, what it does, why it
> really shouldn't be 0 for a healthy connection, etc. Maybe use the gnome
> help browser for this. Maybe use a little popup window. This would allow
> Joe average to understand a packet field without having to go digging
> through specs and RFCs.

I think this might work very well with Guy's suggestion of making a list of
properties for each packet. Each property type can easily be linked with a
little sentence or paragraph explaining what that property is.

(Peter: Guy Harris has an idea where the packet-*.c files decode the
packets, but then make a list of properties. A separate function translates
the list of properties to the tree widget. Having all the fields in a
property list would help us search and filter on packets).
 
--gilbert

-- 
Gilbert Ramirez                Voice:  +1 210 358 4032
Technical Services             Fax:    +1 210 358 1122
University Health System       San Antonio, Texas, USA

References:
- [ethereal-dev] Changes/Suggestions...?
  - From: Peter Hawkins

Prev by Date: Re: [ethereal-dev] Viewing packets while capturing...
Next by Date: RE: [ethereal-dev] Changes/Suggestions...?
Previous by thread: [ethereal-dev] Changes/Suggestions...?
Next by thread: Re: [ethereal-dev] Changes/Suggestions...?
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$