This is a copy of a message I sent to Ethereal-users earlier. As there
were no responses there, I am assuming that what I'm looking for isn't in
the current feature set. I'm sending the message to the -dev list to see
if anyone is working on such features, or could point me in some other
direction for them if it's out-of-scope for Ethereal's intended goals.
Thanks. Here's the original message:
I started using Ethereal yesterday in debugging a strange network
situation. Works as well as described: kudos, all!
One thing I was looking for, but did not find: some way where Ethereal can
draw my attention to evidence of "problems" in TCP sessions, such as:
- re-transmissions (maybe excessive re-transmissions)
- slow responses
- TCP sessions that don't complete a full start-up handshake
[Also, high levels of collisions could be highlighted]
Years and years ago, I had a brief exposure to a Network General Sniffer,
and it's "Expert" mode made these sorts of high-level correlations, if I
recall correctly.
I suspect that pulling these correlations together across many packets
isn't something Ethereal does today. Are there any projects to add this in
(as a plug in?), or anything like it? Am I missing the obvious? Perhaps a
different tool already exists that can be used in conjunction with Ethereal?
Thanks again to the project contributors for such a great tool!
Joel Noble
jnoble@xxxxxxxx
