Ethereal-dev: Re: [Ethereal-dev] Another new feature for Ethereal.
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: <martin.regner@xxxxxxxxx>
Date: Wed, 6 Aug 2003 22:26:57 +0200
Greg Morris wrote: > Many users of Sniffer like the Matrix option - Which allows you to see > the conversations between different layers. I have been working on a new > Tools Menu option called "Show Conversations". I know it is really not > the correct technical term at each layer of the OSI but it should be > close enough to allow users to identify it's purpose. > > There are 4 options. > > Conversations by MAC address - This is a table of the conversations > between 2 unique MAC addresses. > > Conversations by IP address - This is a table of the conversations > between 2 unique IP addresses. > > Conversations by TCP address - This is a table of the conversations > between 2 unique IP/Ports. > > Conversations by IPX address - This is a table of the conversations > between 2 unique net/node/sockets. > Looks very nice, but why not also UDP? I'm using the "-z io,users,tcpip" and "-z io,users,udpip" a lot nowadays (tethereal only), and I have been thinking of trying to port it to Ethereal and add filtering buttons - but I had problems with understanding GTK. Actually it could be good to see the "duration" (i´n seconds) of the conversion as well. I have planned to send i a patch to add some more stuff to the "-z io,users" output (First frame number, Last frame number, relative time of first packet and duration in seconds) that I found very useful when looking at certain problems. Regards, Martin
Many users of Sniffer like the Matrix option - Which allows you to see the conversations between different layers. I have been working on a new Tools Menu option called "Show Conversations". I know it is really not the correct technical term at each layer of the OSI but it should be close enough to allow users to identify it's purpose.
There are 4 options.
Conversations by MAC address - This is a table of the conversations between 2 unique MAC addresses.
Conversations by IP address - This is a table of the conversations between 2 unique IP addresses.
Conversations by TCP address - This is a table of the conversations between 2 unique IP/Ports.
Conversations by IPX address - This is a table of the conversations between 2 unique net/node/sockets.
Each table is column sortable. There are several common columns for each table.
Status - This column indicates whether the filter on this conversation is currently on or off.
Address - First address in the table
Address - Second address in the table
Packets - The number of packets in this conversation
Filter - The filter string to be applied if this item is selected.
Additionally the TCP table adds 2 port columns, and IPX adds instead 2 socket columns and replaces the Address columns with a network and node column. See attached document for a better description.
When a show conversations option is selected the existing filter is read so that the new filter that will be built by the table will be appended. Also the table will search the current filter to determine if previous table filters have already been applied and will indicate that status in the status column. Users can add and remove filters dynamically and when clicking the OK button the filter will be applied and reflected in the filter text window of the main screen. Multiple items can be added or removed dynamically. Also if the user clicks on the reset button on the main window the filter will be reset and the tables will also reflect this change.
The attached files are of the current CVS on 8-6-03. I have built and tested on Windows platforms with GTK 1.3. All files/patches will be located in the ethereal/gtk directory.
Please consider this addition to Ethereal.
Greg
|
Attachment:
New showconversations.doc
Description: MS-Word document
Attachment:
showconversations.h
Description: Binary data
Attachment:
makefile.nmake.diff
Description: Binary data
Attachment:
menu.c.diff
Description: Binary data
Attachment:
showconversations.c
Description: Binary data
Attachment:
main.c.diff
Description: Binary data
_______________________________________________ Ethereal-dev mailing list Ethereal-dev@xxxxxxxxxxxx http://www.ethereal.com/mailman/listinfo/ethereal-dev
- Prev by Date: [Ethereal-dev] Another new feature for Ethereal.
- Next by Date: Re: [Ethereal-dev] Another new feature for Ethereal.
- Previous by thread: [Ethereal-dev] Another new feature for Ethereal.
- Next by thread: Re: [Ethereal-dev] Another new feature for Ethereal.
- Index(es):