Ethereal-dev: Re: [Ethereal-dev] Resend: Another new feature for Ethereal.
I'm back from my travels now.
Unfortunately there is some duplication of work in this area.
I completed a very similar feature during my travels that will create a
clist of all "conversations".
Though it does not use the conversation mechanism in Ethereal.
This code is based on the tethereal implementation using the TAP subsystem
to pick up data for conversations.
It does not use the wiretap interface and is thus agnostic about the link
layer and encapsulation used.
Since it uses TAPs to pick up the data it is completely agnostic about the
other layers and whatever encapsulation
is used in the capture file.
Since it uses the TAP system it will also keep updating the "conversation"
list in semi-realtime during a live capture.
Since it uses the TAP system, there won't be issues such as with the, in all
other regards excellent, TCP Stream Analysis feature that today only
recognizes TCP if TCP is transported atop Ethernet.
It supports, same as Tethereal -z io,users,... tap, Ethernet, TokenRing,
IPv4, TCP, UDP and will have IPX and FibreChannel as well.
I will complete extracting this from my "greatly diverged" tree before the
weekend. I have to remove all the
test features and experiments that just didn't work out in other areas of
Ethereal first.
One missing feature with my implementation that I hope someone will
implement later or I will do myself is
that by clicking on a specific "conversation" in the clist and then using
the right mouse button this should bring up
a popup menu where one can select "Both Directions", "Tx", "Rx" and this
will automatically update the display filter
in the main window and refilter the display to only show the selected
conversation either both directions or just a specific direction.
----- Original Message -----
From: Greg Morris
Subject: Re: [Ethereal-dev] Resend: Another new feature for Ethereal.
The attached is the complete file showconversations.c. It contains the
changes recommended by Guy,
1. Replace the atoi and atol with sprintf equiv's.
2. Display of TCP port numbers with Decimal values instead of Hex.
3. Created defines for IP, TCP, and IPX packet types.
I did not change the functionality of findstring() since it does a little
more than strstr(). I will look into changing this when I get some more
time.
Thanks for the comments...
Greg
>>> Guy Harris <guy@xxxxxxxxxxxx> 8/18/2003 4:57:00 PM >>>
On Monday, August 11, 2003, at 3:15 PM, Greg Morris wrote:
> The attached files are of the current CVS on 8-6-03. I have built and
> tested on Windows platforms with GTK 1.3.
Unfortunately, it doesn't build on Mac OS X, and probably won't build
on a number of other UNIX-flavored OSes, as they lack "itoa()" and
"ltoa()". Use "sprintf()", instead.
Also, you might want to show TCP port numbers as unsigned decimal
rather than hex.
In addition:
we use "strstr()" in several dissectors, so it can be used elsewhere -
see if that can be used instead of "stringfind()";
you should probably use various enum and #define values rather than
raw numerical values when checking "pi.src.type", "pi.ipproto", and
"pi.ptype";
"c_char" and "i" are unused in "show_proto_selection()";
you should include <string.h> to declare "strcat()", "strlen()", etc.