Ethereal-dev: Re: [Ethereal-dev] feature request

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Fri, 11 Oct 2002 16:08:11 -0400

Jeff,

Nice to bump into you again!  Say hello to the gang at Ulticom from me.

Actually, I believe that the capture filter syntax provides the flexibility I need.  Basically I'm capturing a proprietary protocol riding on UDP.  I want to specify that the capture stop when a specified byte within the payload is a specified value, i.e. udp[20] == 3.   That way I can start a long duration test and have the capture stop when a specific (infrequent) problem occurs.

I guess the same logic could be put into Ethereal, but it would require that Ethereal examine each packet as it is received.  Does Ethereal currently do that, or does it only examine packets to decode them as they are shown on screen?  

Overall, I favor the capture logic being in libpcap since libpcap is optimized for examining packets in real time.  In addition, this seems to be a common facility that other users of libpcap could use.

Ray
---------------------------------------------------------------------------------------------------------
The information contained in this electronic mail transmission is intended by INRANGE Technologies for the use of the named individual or entity to which it is directed and may contain information that is confidential or privileged. If you have received this electronic mail transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply email or call the INRANGE Help Desk at 215-293-2811 so that the sender's address records can be corrected.



Jeff Morriss <jeff.morriss@xxxxxxxxxxx>

10/11/2002 03:43 PM

       
        To:        Ray.Rizzuto@xxxxxxxxxxx
        cc:        Ethereal Development List <ethereal-dev@xxxxxxxxxxxx>
        Subject:        Re: [Ethereal-dev] feature request




Hi Ray,

Well, the Ethereal capture dialog already has some (basic) stop triggers
(such as "Stop after N packets").  Also, if you want to stop the capture
after some upper layer protocol event then it should probably be done in
Ethereal (in which those upper layer protocol events would be dissected)
instead of libpcap...

You might want to start looking in "gtk/capture_dlg.c" for how the
current stop triggers are implemented.

Regards,
-Jeff

Ray.Rizzuto@xxxxxxxxxxx wrote:
>
> Hi!
>
> I'd like to be able to define a start/stop capture trigger.  I'd think
> the syntax would be the same as the capture filters.  I don't know if
> this is an Ethereal enhancement and/or a libpcap enhancement.
>
> Ray

--
Jeff Morriss
Senior Support Engineer
Ulticom, Inc.
Helpdesk: +1-856-787-2765
Fax: +1-856-222-9947
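
Added example, not part of the original thread and not Ethereal or libpcap code: a stop trigger of the kind discussed above, evaluating the equivalent of `udp[20] == 3` on each received frame. The function names and the constructed test frames are hypothetical; it assumes Ethernet II framing and IPv4.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Equivalent of the pcap expression "udp[off] == val" for one Ethernet II
 * frame. As in pcap syntax, off counts from the start of the UDP header,
 * so udp[20] is payload byte 12. Returns 1 on match, 0 otherwise. */
int udp_byte_equals(const uint8_t *f, size_t len, size_t off, uint8_t val)
{
    if (len < 14 + 20 || f[12] != 0x08 || f[13] != 0x00)
        return 0;                               /* too short or not IPv4 */
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;    /* IP options shift UDP */
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 17)
        return 0;                               /* malformed or not UDP */
    if ((((ip[6] & 0x1f) << 8) | ip[7]) != 0)
        return 0;                               /* later fragment: no UDP header */
    size_t idx = 14 + ihl + off;
    return idx < len && f[idx] == val;          /* out of bounds never matches */
}

/* Hypothetical capture loop over already-received frames: returns the index
 * of the first frame that fires the stop trigger, or -1 if none does. */
long stop_index(const uint8_t *const *frames, const size_t *lens, size_t n,
                size_t off, uint8_t val)
{
    for (size_t i = 0; i < n; i++)
        if (udp_byte_equals(frames[i], lens[i], off, val))
            return (long)i;
    return -1;
}

/* Builds a constructed test frame (zeroed addresses, 16-byte payload) with
 * the given IP header length in 32-bit words, protocol and udp[20] value. */
size_t make_frame(uint8_t *buf, uint8_t ihl_words, uint8_t proto, uint8_t marker)
{
    size_t ihl = (size_t)ihl_words * 4, len = 14 + ihl + 8 + 16;
    memset(buf, 0, len);
    buf[12] = 0x08;                             /* EtherType 0x0800 = IPv4 */
    buf[14] = (uint8_t)(0x40 | ihl_words);      /* version 4 + IHL */
    buf[14 + 9] = proto;
    buf[14 + ihl + 20] = marker;
    return len;
}
```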