Daniel Wu wrote:
I understood that you're the official fellow for (t)ethereal tool.
No, I'm *not* the official person for Ethereal or Tethereal.  The 
closest thing to an official person would be Gerald Combs, but questions 
about Ethereal should be sent to the Ethereal list, not to particular 
members of the list.  I'll CC the list to see if anybody else has any 
recommendations.
I've gotten some question and wonder if you could kindly point me to the right direction. In general the tool does what I needed. However, I'm wondering if it's possible to capture summary level info (using tethereal) while retaining both the IP layer (port and len) information as well as peek into the http cookie section. So far it seems that it's an either-or type of deal. Do you know if there's a way I can get around that? Any advice would be greatly appreciated.
 
What Ethereal and Tethereal capture is raw binary packet data.  The only 
way to capture less than the full packet is to set the "snapshot length" 
with the "limit each packet to [N] bytes" GUI item in Ethereal and the 
"-s" flag in Tethereal, which means that no more than the specified 
number of bytes of the packet will be captured; the extra bytes will be 
chopped off at the end.
Raw binary packet data has no notion of summary level info vs. a 
detailed dissection.  It also has no notion of HTTP headers.
Ethereal and Tethereal can *dissect* the raw binary packet data, and 
display either summary information and/oror a full detailed dissection.  
There are no options in Tethereal to do both (without "-V", you get the 
summary; with "-V", you get the detail), and there are no options in 
Tethereal to show only part of the detailed dissection.