Wireshark · Ethereal-dev: Re: [ethereal-dev] Some more advice, brainstorming, please.

Ethereal-dev: Re: [ethereal-dev] Some more advice, brainstorming, please.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gilbert Ramirez <gram@xxxxxxxxxx>

Date: Wed, 1 Mar 2000 08:58:52 -0600

On Wed, Mar 01, 2000 at 08:18:29AM -0600, Juan Toledo wrote:
> 
> My question here is: does anybody here find value in trying
> to implement a generalisation of this? That is, is there a
> "market" for network representations other than "by ethernet
> address" and "by ip address"?

Yes, there is:

FDDI MAC addresses
Token-Ring MAC addresses
IPX network/node pairs

And others (SNA has an addressing method, although I don't know
how many people are using free software to decode SNA).

> PS: If anyone thinks this is not the right place to post
> these questions, just leave me a personal mail and I will
> stop posting immediately . It's just that this is going so
> fast that people hasn't cared to join my own mailing list
> yet, and I think these subjects deserve some debate so that
> I can code thinking in future extensions.

I'm glad you're on ethereal-dev; I wanted to ask you some questions.
I downloaded and installed etherape this morning; it looks nice.
I was trying to think of ways for Ethereal to call etherape.
One way would be for Ethereal to call etherape with the name of the
trace file that Ethereal is looking at, but in the case where
there's a display filter in effect for Ethereal, Ethereal needs to 
be able to send the "packet list" info to etherape, so the user gets
an etherape diagram of only the packets he has displayed in Ethereal.

Perhaps Ethereal could open a pipe to etherape, and send it the packet
info, one-by-one:

1: 00:c0:4f:6b:9f:e0 ff:ff:ff:ff:ff:ff

etc.

Or, Ethereal could do some of the processing for etherape:

<packet 1>
<ethernet>00:c0:4f:6b:9f:e0 00:c0:4f:30:20:11</ethernet>
<ip>192.168.44.1 192.168.68.1</ip>
</packet>

And with that info, etherape could show multiple views of the same
data. Sniffer Pro for windows has a graph like yours, and they embed
it inside a tabbed notebook widget. Each tab is a protocol
("MAC", "IP", "IPX"); so the user selects the tab corresponding to
the graph they which to view.

How much protocol decoding do you want to put in etherape? You'll have
to put some in if you want to support Ethernet, FDDI, Token-Ring,
IP, and IPX. You might even be able to call tethereal to supply
this information to you, until we break out the protocol decoding
engine of Ethereal into its own separate library (libdencode).

--gilbert

Follow-Ups:
- Re: [ethereal-dev] Some more advice, brainstorming, please.
  - From: Guy Harris

Prev by Date: [ethereal-dev] Some more advice, brainstorming, please.
Next by Date: RE: [ethereal-dev] TCP/UDP protcol dissector lookups
Previous by thread: [ethereal-dev] Some more advice, brainstorming, please.
Next by thread: Re: [ethereal-dev] Some more advice, brainstorming, please.
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$