Ethereal-dev: Re: [Ethereal-dev] is cfile.plist at all filled in in tethereal?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Wed, 28 Aug 2002 00:42:13 -0700

On Tue, Aug 27, 2002 at 02:57:43PM -0600, John McDermott wrote:
> As long as we're making suggestions, I'd like to see some way to 
> configure what shows up in that window (or in the list printed by 
> tethereal).  Maybe a command line list like
>   --show-stats IP,TCP,SNMP,H.323 (or a shorter name for those of us
>   who like single char opts better...)
> One could get even more general and have x slots with filters so a user 
> could show the number of IPv4-TCP SYNs and the number of IPv6-TCP SYNs. 
> Of course, that would mean evaluating up to X filters which might slow 
> the code down significantly.
> As an aside, I seldom look at the stats window when capturing live.

Are you referring to the window that displays packet counts while a
capture is in progress, or to the window displayed when you select "Protocol
Hierarchy Statistics" from the "Tools" menu?  Unless I've misread
something, the window we're discussing is the latter, not the former.

If you're referring to the former, I use it when capturing just so that
I know whether, if I stop the capture, I'm actually going to see
something; one thing I find annoying about tcpdump is that it reports
nothing until you stop the capture (unless you're on BSD and using a
recent version of tcpdump, in which case control-T will make it print
out a summary of what it's seen so far, although even then it doesn't
necessarily report the number of packets that passed the filter and were
written to the capture file), which is the reason why Tethereal behaves,
by default, like snoop and reports a capture count as it captures.

Also, if you're talking about the packet count window, note that, while
IP, TCP, and SNMP (if you assume that all SNMP traffic is either to or
from the SNMP or SNMP-trap port) can be detected fairly easily (e.g., by
simple hand-written code, or by a BPF filter), H.323 would, I think,
require that something close to a full-blown packet dissection be done,
which is a bit more work, so "--show-stats IP,TCP,SNMP,H.323" might not
be as easy, or cheap in terms of CPU time, as you might like.
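
Added example, not part of the original message and not Ethereal's code: a hand-written counter of the kind the last paragraph calls cheap, recognising IP, TCP and SNMP purely from fixed header fields. It assumes Ethernet II framing and IPv4, treats ports 161/162 as SNMP (the same assumption the message makes), and uses hypothetical names and constructed sample frames throughout.

```c
#include <stddef.h>
#include <stdint.h>

/* Counters for protocols recognisable from fixed header fields alone. */
struct counts { unsigned ip, tcp, udp, snmp; };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Classify one Ethernet II frame; every read is bounds-checked against len.
 * Returns 0 if the frame was counted as IPv4, -1 if it was skipped. */
int classify(const uint8_t *f, size_t len, struct counts *c)
{
    if (len < 14 + 20 || be16(f + 12) != 0x0800)   /* not IPv4 over Ethernet */
        return -1;
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;       /* IP header length in bytes */
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < 14 + ihl)
        return -1;
    c->ip++;
    if (be16(ip + 6) & 0x1fff)                     /* later fragment: no L4 header */
        return 0;
    if (ip[9] == 6) c->tcp++;
    else if (ip[9] == 17) c->udp++;
    else return 0;
    if (len < 14 + ihl + 4)                        /* port fields truncated */
        return 0;
    uint16_t sp = be16(ip + ihl), dp = be16(ip + ihl + 2);
    /* Port-based guess only; H.323 has no fixed-field test like this one. */
    if (sp == 161 || sp == 162 || dp == 161 || dp == 162)
        c->snmp++;
    return 0;
}

/* Constructed sample frames (bytes not listed are zero). */
static const uint8_t snmp_udp[42] = { [12]=0x08, [14]=0x45, [23]=17, [34]=0xc0, [37]=161 };
static const uint8_t tcp_http[54] = { [12]=0x08, [14]=0x45, [23]=6,  [34]=0xc0, [37]=80 };
static const uint8_t arp[42]      = { [12]=0x08, [13]=0x06 };
static const uint8_t trunc[20]    = { [12]=0x08, [14]=0x45 };

/* Run the constructed frames through classify() and return the totals. */
struct counts count_samples(void)
{
    struct counts c = {0, 0, 0, 0};
    classify(snmp_udp, sizeof snmp_udp, &c);
    classify(tcp_http, sizeof tcp_http, &c);
    classify(arp, sizeof arp, &c);
    classify(trunc, sizeof trunc, &c);
    return c;
}
```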