Ethereal-users: RE: [Ethereal-users] Wouldn't it be cool if....

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Fri, 19 Apr 2002 19:48:34 +0100
Guy,

Thanks for the reply. 
>Well, the "Summary" item under the "Tools" menu gives you:
>	a count of the packets in the trace (and a count of the packets
>	currently being displayed);
>	a count of the bytes in the trace;
>	elapsed time of trace;
>	the trace file format.
Is there any way to get this summary to file? Having run a whole load of
traces for a project, I'd like to write a command like: 
	for %1 in (*.trc) do tethereal -r %1 -summary > %1.txt 
And use the output as a starting point for a "readme"-like file about what
went on in the trace.

>The start time isn't saved in all trace file formats 
You could guess this by taking the trace file's timestamp less trace
duration. It's not reliable but it is better than nothing I suppose.

>I don't know what "trace quality" means, so I don't know whether it'd
>even be possible for Ethereal to provide it.
Sorry, I should have been more specific. I meant information such as, 
	Does the entire file parse without error? 
	Does the trace contain the full payload of each frame?
	Is there anything odd like 0 byte frames, negative values etc?

>> 2) Editcap's flags were tidied up a bit. 
>If "-r" were mandatory in Ethereal ..
<Snip>
>If "-r" were optional in Tethereal
<Snip>

These are all valid points as to the mandatory/optional nature of tethereal
and Ethereal's -r and -w flags. I was more concerned about Editcap's (IMHO)
inappropriate use of the -r flag to mean something other than to specify a
source file, and also was suggesting that "editcap -w outfile -r infile"
should be a valid syntax.

>> 3) There was a portable default config file containing such options as.
<snip>
>There is.  Ethereal reads, if present, a "preferences" file in the
>"installation" directory (on Windows, it's the directory the Ethereal
>binary is in; on UNIX, it's the directory the package was configured to
>be installed in), just as it reads a "preferences" file in the
>appropriate directory for personal preferences.

Aha! Found it.  On my NT4 box it's in
C:\WINNT\Profiles\<user id>\Application Data\Ethereal\preferences
Thanks. Having now found this gem, would there be any way to use a different
preferences file from the default, or to temporarily override any settings? 

>> 4) Editcap could read tethereal -V output to recreate a trace file.
>
>"tethereal -V" output doesn't necessarily contain enough of the raw data
>to *allow* it to recreate the trace file.

OK, so the -V pipe to editcap isn't going to produce an identical file. Is it
possible to build a skeleton (e.g. time stamps, TCP port numbers and IP
addresses only, for example)? 

Just wishing .... :-)

Alistair
> ----------------------------------------------------------------------
> Alistair McGlinchy,           alistair.mcglinchy@xxxxxxxxxxxxxxxxxxxxx
> Sizing and Performance, Central IT,   ext. 5012,   ph +44 20 7268-5012
> Marks and Spencer, 3 Longwalk Rd, Stockley Park, Uxbridge UB11 1AW, UK 
> 
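
Added example, not part of the original message and not Ethereal code: a sketch of the per-trace summary and "trace quality" checks asked about above (packet and byte counts, elapsed time, whether the file parses to the end, sliced frames, 0-byte frames, timestamps that go backwards). It assumes the traces are classic libpcap files, which the .trc files in the message may not be; `summarize_pcap` and `build_sample` are hypothetical names, and the sample capture is constructed.

```python
import struct

def summarize_pcap(data):
    """Summary and sanity checks for a classic libpcap capture held in bytes."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                        # written on a little-endian host
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                        # written on a big-endian host
    else:
        raise ValueError("not a classic libpcap file")
    if len(data) < 24:
        raise ValueError("truncated global header")
    s = {"packets": 0, "captured_bytes": 0, "sliced": 0, "zero_len": 0,
         "time_reversals": 0, "parse_ok": True, "elapsed_us": 0}
    first = prev = None
    off = 24                             # records start after the global header
    while off < len(data):
        if len(data) - off < 16:         # partial record header at end of file
            s["parse_ok"] = False
            break
        sec, usec, incl, orig = struct.unpack_from(end + "IIII", data, off)
        if incl > len(data) - off - 16:  # payload runs past end of file
            s["parse_ok"] = False
            break
        ts = sec * 1_000_000 + usec      # integer microseconds, no float error
        if first is None:
            first = ts
        elif ts < prev:                  # negative inter-packet delta
            s["time_reversals"] += 1
        prev = ts
        s["packets"] += 1
        s["captured_bytes"] += incl
        s["sliced"] += incl < orig       # frame cut short by the snap length
        s["zero_len"] += incl == 0
        s["elapsed_us"] = max(s["elapsed_us"], ts - first)
        off += 16 + incl
    return s

def build_sample():
    """Constructed four-record capture (little-endian, Ethernet, snaplen 64)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 64, 1)
    for sec, usec, incl, orig in [(1000, 0, 60, 60), (1000, 500000, 64, 1514),
                                  (1000, 250000, 0, 0), (1002, 0, 60, 60)]:
        out += struct.pack("<IIII", sec, usec, incl, orig) + b"\x00" * incl
    return out

if __name__ == "__main__":
    print(summarize_pcap(build_sample()))
```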
