Wireshark · Ethereal-users: Re: [ethereal-users] What is good about netxray

Ethereal-users: Re: [ethereal-users] What is good about netxray

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Thu, 16 Sep 1999 21:33:48 -0500

    This sort of conversation reminds me of usenet back in the good ol' days when
major universities had 56k links through midnet :-)

    Enough hair splitting points - the important thing is what good features of
netxray can be ripped for the next release of ethereal. If you're coding on
ethereal, and you haven't examined netxray in person, I'd suggest you look for some
opportunity to do so - just because its on a bloated, unstable OS doesn't mean
those guys didn't have some very good ideas.


> >       Yes, but consider it in light of filter building - *click* *click* - and
> > you're filter on ip, ip + port, etc - much handier.
>
> Yes, but in your original mail you mentioned just highlighting, not
> filter building.  In Ethereal, if you "click on a portion of the frame",
> it does "[highlight] that bit of the frame".
>
> Ethereal has some ability to construct filters from fields in the packet
> - if you select a line in the detail pane, "Display'Match Selected" will
> construct and apply a filter that matches all frames where the given
> octets in the frame have the same values that they do in the given frame
> (the filter checks the octets at the same offset; it doesn't filter on
> the "abstract" field).
>
> As we don't currently have any way to construct filters from a GUI, we
> obviously have no way to add filter entries by clicking on a field;
> that's something to consider if we add a GUI filter-constructor.
>
> >       But it would be nice to rig a condition for start (possible with
> > netxray) and limit it to 256k of traffic (also possible with netxray).
>
> This isn't a capture buffer size, it's more of a "start trigger" and
> "stop trigger"; "limit it to 256k of traffic" would just be a stop
> trigger of "256k of traffic saved" rather than, say, "frame to port XXX
> from host YYY".
>
> > You can do this now with libpcap,
>
> A program could use "libpcap"'s packet filter to implement stop triggers
> (and start triggers, but you'd have to send packets up to userland and
> do the start trigger stuff in userland; you'd need driver changes to
> avoid the userland copy), but, unless the program does so, you can't do
> start or stop triggers in the program - and Ethereal doesn't have start
> or stop triggers for a capture.

Follow-Ups:
- Re: [ethereal-users] What is good about netxray
  - From: Guy Harris

References:
- Re: [ethereal-users] What is good about netxray
  - From: Guy Harris

Prev by Date: Re: [ethereal-users] What is good about netxray
Next by Date: Re: [ethereal-users] Best token ring card for ethereal?
Previous by thread: Re: [ethereal-users] What is good about netxray
Next by thread: Re: [ethereal-users] What is good about netxray
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$