Ethereal-dev: Re: [ethereal-dev] More RFC for etherape

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Juan Toledo <toledo@xxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 07 Mar 2000 18:00:54 +0100

> Well, dissecting, yes.

Ok. :-)

> What really needs to happen is the creation of a packet capturing
> daemon. We've talked about it on ethereal-dev for remote capturing
> purposes. It would be a daemon that understood RMON I & II, and perhaps
> our own special syntax for capture filters (based on Ethereal's display
> filters).
>

Well, statnet (on package netdiag in Debian) already produced a daemon, and
it was one of the options I considered when I started etherape. It turned out
that using pcap was very easy and I didn't think about it anymore. It's the
dissection I'm most interested in, though, because it would make my
life easy for the color coded display.

> > guint8 *l2_addr; /* normally ethernet addresses */
> > guint8 *l3_addr; /* normally ip addresses */
> > guint8 *l4_addr; /* normally tcp or udp ports */
> > ...
> >
> > And then any combination of these addresses would be the key
> > to define a node.
>
> Why a combination? If you're communicating with IP addresses that
> are not on your local LAN segment, then the l2_addr will be
> your local router, while the l3_addr will be the remote IP address.
>

Actually I realized that's more than what I actually need. Starting two
versions ago (yesterday night), I use a single node_id. But the node id may
actually be the composition of two addresses, as is the case when in "tcpape"
mode, in which a node is defined by its ip address and port number.

Regards,
Juan.