Wireshark · Ethereal-dev: Re: [ethereal-dev] Expert mode

Ethereal-dev: Re: [ethereal-dev] Expert mode

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jochen Friedrich <jochen@xxxxxxxx>

Date: Mon, 17 Jul 2000 17:19:47 +0200 (CEST)

Hi Richard,

> Again, I think that this is not a job for Ethereal, but is a job for
> another tool that understands the structure of the protocols involved.  It
> would sort through the data and apply some heuristics to spot anomalies.
> 
> Such a tool, and Ethereal, would be helped if there was an underlying
> library that knew how to decode packets, so each higher level tool could
> concentrate on its own job. In the case of Ethereal, that job is to display
> the decoded packets.

Such a library also would make an RMON-2 subagent (like btng) or an IDS
tool (like snort) much easier :-)

Regards,
Jochen

Follow-Ups:
- Re: [ethereal-dev] Expert mode
  - From: Richard Sharpe

References:
- Re: [ethereal-dev] Expert mode
  - From: Richard Sharpe

Prev by Date: Re: [ethereal-dev] Expert mode
Next by Date: Re: [ethereal-dev] Expert mode
Previous by thread: Re: [ethereal-dev] Expert mode
Next by thread: Re: [ethereal-dev] Expert mode
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$