Ethereal-dev: Re: [ethereal-dev] Expert mode

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "John Bourke" <John.Bourke@xxxxxxxxxxxxxxxxxx>
Date: Tue, 18 Jul 2000 12:55:57 +0100
Hello,

Point taken about the Ethereal architecture.  I need to brush up on this a
bit more.

I have potentially a lot of time to put into both application analysis and
an expert system.  Is there some way we could put together a design that
would be acceptable to everybody, so that we could add this functionality?

Thanks


john

----- Original Message -----
From: Richard Sharpe <sharpe@xxxxxxxxxx>

> OK, I can understand this need, but I still claim that Ethereal as it
> currently stands is not well suited to doing this, because the code
> required to understand the protocols and pick out the anomalies does not
> exist outside of the dissector routines, which both dissect a protocol, and
> display it.
>
> To implement an expert mode would require, IMO, that the dissector routines
> also be called to just dissect packets and provide information that an
> expert mode could pick over.
>
> A better implementation would be to have Ethereal built on a set of
> routines that understand how to dissect packets, and then the packet
> display routines could do exactly that, while the expert mode could use the
> same routines to dissect packets, but do different things with them.
>
> >john
> >
> >----- Original Message -----
> >From: Richard Sharpe <sharpe@xxxxxxxxxx>
> >To: John Bourke <John.Bourke@xxxxxxxxxxxxxxxxxx>; <ethereal-dev@xxxxxxxx>
> >Sent: Monday, July 17, 2000 6:32 PM
> >Subject: Re: [ethereal-dev] Expert mode
> >
> >
> >> Hi,
> >>
> >> At 03:16 PM 7/17/00 +0100, John Bourke wrote:
> >> >Hello again !
> >> >
> >> >Has anyone considered an expert mode, for spotting network anomalies, such
> >> >as excessive retransmissions ?
> >>
> >> Again, I think that this is not a job for Ethereal, but is a job for
> >> another tool that understands the structure of the protocols involved. It
> >> would sort through the data and apply some heuristics to spot anomalies.
> >>
> >> Such a tool, and Ethereal, would be helped if there was an underlying
> >> library that knew how to decode packets, so each higher level tool could
> >> concentrate on its own job. In the case of Ethereal, that job is to display
> >> the decoded packets.
> >>
> >> >john
> >> >
> >> >
> >>
> >> Regards
> >> -------
> >> Richard Sharpe, sharpe@xxxxxxxxxx
> >> Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
> >> Contributing author, SAMS Teach Yourself Samba in 24 Hours
> >> Author, Special Edition, Using Samba
> >>
> >>
> >
> >
>
> Regards
> -------
> Richard Sharpe, sharpe@xxxxxxxxxx
> Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
> Contributing author, SAMS Teach Yourself Samba in 24 Hours
> Author, Special Edition, Using Samba
>
>
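
The split discussed in the quoted replies above (a decode layer that only dissects, with display and an expert mode as separate consumers of its output), sketched as an added example that is not part of the original thread or of Ethereal's code. All function names, the constructed sample packets and the percentage threshold are assumptions made for illustration.

```python
# Added example; every name here is hypothetical, not Ethereal's API.
import struct
from collections import namedtuple

# Decoded TCP segment: plain data, produced without any display code.
Segment = namedtuple("Segment", "src dst sport dport seq length")

def dissect(pkt):
    """Decode layer (IPv4 + TCP only): a Segment, or None if malformed or not TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl, total = (pkt[0] & 0x0F) * 4, struct.unpack_from("!H", pkt, 2)[0]
    if ihl < 20 or total > len(pkt) or total < ihl + 20:
        return None
    sport, dport, seq = struct.unpack_from("!HHI", pkt, ihl)
    doff = (pkt[ihl + 12] >> 4) * 4
    if doff < 20 or ihl + doff > total:
        return None
    src, dst = (".".join(map(str, pkt[i:i + 4])) for i in (12, 16))
    return Segment(src, dst, sport, dport, seq, total - ihl - doff)

def show(seg):
    """Consumer 1, display: one summary line built from the decoded record."""
    return f"{seg.src}:{seg.sport} > {seg.dst}:{seg.dport} seq={seg.seq} len={seg.length}"

def retransmissions(segs):
    """Consumer 2, expert: (data segments, repeats of one already seen)."""
    seen, total, repeats = set(), 0, 0
    for seg in segs:
        if seg and seg.length:          # skip undecodable packets and pure ACKs
            total += 1
            repeats += seg[:5] in seen  # flow 4-tuple plus sequence number
            seen.add(seg[:5])
    return total, repeats

def excessive(total, repeats, pct):     # more than pct percent were repeats
    return total > 0 and repeats * 100 > total * pct

def make_pkt(seq, length):
    """Constructed sample packet: 10.0.0.1:1234 -> 10.0.0.2:80, zeroed payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + length, 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 1234, 80, seq, 0, 0x50, 0x18, 8192, 0, 0)
    return ip + tcp + bytes(length)

def run_sample():
    segs = [dissect(make_pkt(s, 100)) for s in (1000, 1100, 1100, 1200, 1100)]
    return [show(s) for s in segs], retransmissions(segs)
```

The expert check here treats an exact repeat of a flow and sequence number as a retransmission; it does not handle partial overlaps or sequence wraparound.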