Ethereal-dev: Re: [ethereal-dev] proto_tree discussion

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <guy@xxxxxxxxxx>
Date: Wed, 7 Jul 1999 11:52:53 -0700 (PDT)
> 1. The display filter syntax in ethereal would be different from and
> incompatible with the capture filter syntax (libpcap). Users would have
> to know both. A filter-creation GUI for either filter-language, or both,
> would help the situation for beginning users. A translator to convert
> from one to the other *might* be possible.

If we turn "wiretap" into a full "pcap" replacement, complete with the
ability to do live captures, we could perhaps give it a capture filter
syntax similar to the display filter syntax of Ethereal.

> 3. Ethereal display filters are slower than libpcap display filters, since
> libpcap uses byte-compiled BPF instructions.

...but they do more work.

> Perhaps the
> goal should be the ability to filter on all useful fields. But utility
> is in the eye of the user...

Precisely.