Wireshark · Ethereal-dev: Re: [ethereal-dev] Changes/Suggestions...?

Ethereal-dev: Re: [ethereal-dev] Changes/Suggestions...?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Christian Brunner <chb@xxxxxx>

Date: Tue, 5 Jan 1999 19:24:03 +0100 (CET)

On Tue, 5 Jan 1999, Peter Hawkins wrote:

> 2) Additional functionality...
> Add a simple progress bar type network load indicator in the sniffing
> statistics area. So at any given moment I can tell my network is at X%
> load. This should be easy... measuring load is trivial (bytes received
> in a time period by sniffer / time), determining the rated maximum load
> for a network might be harder. Maybe a configuration item, maybe
> automagically to be determined from the interface data.

Calculating the load schould not be to much of a problem. Even without
using threads. All you should need is an alarm timer set to 1 second
intervals, a counter that increments at every received packet and an
alarmhandler that reads the counter, resets the counter and updates the
progess bar.

However determining the maximum load is harder. I don't know an easy way
to disinguish a 100MBit ethernet card from a 10MBit card. 

> For the TCP stream analysis, do everything as essentially a list,
> listing packet info, direction and contents, etc. so I could view a POP
> connection like this:
> --+-
> ->|(SYN)
> --+-
> <-|(ACK)
>   |200 Iname mail server v0.20a ready!
> --+-
> ->|USER chalky
> --+-
> <-|250 User okay, enter password
> --+-
> ->|PASS abcdefgh
> --+-
> <-|200 User/pass okay. 28 messages waiting.
> --+-
> ->|RECV 1
> --+-
> <-|From lists.linux.it
>   |From: somebody@somewhere
> etc..
> 
> If I could do that, then there would be no need for a special, eg. POP
> protocol, the TCP stream decoder would happily handle it by itself.

Yes, this would be nice.

> 4) An issue kindof seperate from the actual sniffer proper, but I'd like
> context-sensitive help for packet fields. I want to be able to press f1
> while the TCP receive window field is selected and to get a nice verbose
> description on what the TCP receive window is, what it does, why it
> really shouldn't be 0 for a healthy connection, etc. Maybe use the gnome
> help browser for this. Maybe use a little popup window. This would allow
> Joe average to understand a packet field without having to go digging
> through specs and RFCs.

I have done this in my (still not released) packet generator with
tooltips. When you leave your mouse over a hex-entry widget a small
tooltip pops up, giving you a bit of information about the header field.
The information you get is quite minimalistic at the moment, but should be
easily extended. 

Christian

References:
- [ethereal-dev] Changes/Suggestions...?
  - From: Peter Hawkins

Prev by Date: RE: [ethereal-dev] Viewing packets while capturing...
Next by Date: Re: [ethereal-dev] Viewing packets while capturing...
Previous by thread: Re: [ethereal-dev] Changes/Suggestions...?
Next by thread: Re: [ethereal-dev] Changes/Suggestions...?
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$