On Sunday 27 Jul 2003 6:13 am, Mark Holloway wrote:
> I realize
>
> #1 - So-called Expert Reporting in commercial packet capture apps
> is only as good as what the network administrator sets the parameters
> to (based in his own network). In Fluke Protocol Expert, for
> example, it flags packets with ack time longer than 200 ms using red
> background color and white text. However, this default setting is
> not appropriate for my WAN as most of my PIX to PIX VPNs have ACK
> time around 200ms, as expected.
>
> #2 - Some of the parameters in Protocol Expert's expert reporting
> _are_ very useful for me. I was performing a packet capture from a
> Stratus Continuum trying to resolve many issues, and one of the
> things that Protocol Expert immediately detected was IP Checksum
> errors from the Stratus. I realize in Ethereal I can set a display
> color filter to make these kinds of issues easier to spot. There are
> so many items that can be displayed in Ethereal with various color
> combinations, I suppose one could build their own "Expert Reporting"
> so to speak. No? In one sense Ethereal makes it very easy (although
> time consuming) to build as many color-based flagging parameters as I
> want. The nice thing about Protocol Expert, Sniffer, and Etherpeek
> is that they give you a summary pane showing you all the "expert"
> flags, so theoretically even after I've tweaked the expert system, I
> still benefit from that summary pane. In Ethereal I guess it would
> be more geared around creating various color coded "warnings" for
> different parameters since there is no summary pane based on number of
> "red" flags vs. "blue" flags.
The ideal would be an addition to Ethereal, similar to colors, which ran
before the colors system on all packets, added a single field to the
decode for colors to pick up and prefixed a user-defined string to the
info column depending on which of its filters had triggered.
--
Richard Urwin
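
The scheme discussed in this thread, as an added example that is not code from Ethereal or from either poster: a rule pass that runs before colouring, stores its tags in one field, prefixes them to the info column, and keeps the per-flag counts a summary pane would show. The rule names, the packet dictionary layout, the 350 ms limit and the sample headers are assumptions constructed for illustration.

```python
import struct
from collections import Counter

def ip_checksum_ok(header: bytes) -> bool:
    """RFC 1071 check: the folded 16-bit one's-complement sum of the whole
    IPv4 header, checksum field included, must equal 0xFFFF."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def make_rules(ack_limit_ms):
    """Hypothetical rule table of (tag, predicate); the ACK limit is per site."""
    return [
        ("SLOW-ACK", lambda p: p["ack_ms"] is not None and p["ack_ms"] > ack_limit_ms),
        ("BAD-IP-CSUM", lambda p: not ip_checksum_ok(p["ip_header"])),
    ]

def annotate(packets, rules):
    """Run every rule on every packet before any colouring: store the tags in
    one field, prefix them to the info column, and count them for a summary."""
    summary, out = Counter(), []
    for p in packets:
        tags = [tag for tag, pred in rules if pred(p)]
        summary.update(tags)
        prefix = "".join(f"[{t}] " for t in tags)
        out.append({**p, "expert": tags, "info": prefix + p["info"]})
    return out, summary

# Constructed sample data (not from a real capture): a valid 20-byte IPv4
# header (protocol 6, TCP) and a copy with one checksum bit flipped.
GOOD = bytes.fromhex("45000073000040004006b86cc0a80001c0a800c7")
BAD = bytes.fromhex("45000073000040004006b86dc0a80001c0a800c7")
PACKETS = [
    {"info": "TCP ACK", "ack_ms": 180, "ip_header": GOOD},
    {"info": "TCP ACK", "ack_ms": 230, "ip_header": GOOD},
    {"info": "TCP data", "ack_ms": None, "ip_header": BAD},
]

if __name__ == "__main__":
    for limit in (200, 350):  # 200 ms default vs. an assumed WAN-tuned limit
        rows, summary = annotate(PACKETS, make_rules(limit))
        print(f"limit={limit} ms summary={dict(summary)}")
        for r in rows:
            print("   ", r["info"])
```

Raising the limit from 200 ms to the assumed 350 ms clears the slow-ACK flag on the 230 ms packet while the checksum flag stays, which is the per-network tuning the first point in the quoted message asks for.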