Daniel Wu wrote:
I understood that you're the official fellow for (t)ethereal tool.
No, I'm *not* the official person for Ethereal or Tethereal. The
closest thing to an official person would be Gerald Combs, but questions
about Ethereal should be sent to the Ethereal list, not to particular
members of the list. I'll CC the list to see if anybody else has any
recommendations.
I've gotten some questions and wonder if you could kindly point me in the right direction. In general the tool does what I needed. However, I'm wondering if it's possible to capture summary level info (using tethereal) while retaining both the IP layer (port and len) information as well as peek into the http cookie section. So far it seems that it's an either-or type of deal. Do you know if there's a way I can get around that? Any advice would be greatly appreciated.
What Ethereal and Tethereal capture is raw binary packet data. The only
way to capture less than the full packet is to set the "snapshot length"
with the "limit each packet to [N] bytes" GUI item in Ethereal and the
"-s" flag in Tethereal, which means that no more than the specified
number of bytes of the packet will be captured; the extra bytes will be
chopped off at the end.
Raw binary packet data has no notion of summary level info vs. a
detailed dissection. It also has no notion of HTTP headers.
Ethereal and Tethereal can *dissect* the raw binary packet data, and
display either summary information and/or a full detailed dissection.
There are no options in Tethereal to do both (without "-V", you get the
summary; with "-V", you get the detail), and there are no options in
Tethereal to show only part of the detailed dissection.
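
An added example, not part of the original message and not Ethereal code: a small Python stand-in for a dissector, run over one constructed Ethernet/IPv4/TCP frame, showing that the port, length and Cookie fields all come from dissecting the same raw bytes, and that a snapshot length only cuts bytes off the end. The addresses, ports, cookie value and function names are all made up for the illustration.

```python
import struct

# Constructed sample HTTP request; the cookie value is invented.
PAYLOAD = (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
           b"Cookie: session=constructed123\r\n\r\n")

def build_frame(payload, sport=40000, dport=80):
    """Build a constructed Ethernet/IPv4/TCP frame (checksums left as zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def capture(frame, snaplen):
    """What a capture with this snapshot length keeps: the first snaplen bytes."""
    return frame[:snaplen]

def dissect(captured):
    """Derive summary fields and the Cookie header from raw captured bytes."""
    ihl = (captured[14] & 0x0F) * 4                # IPv4 header length in bytes
    ip_len = struct.unpack_from("!H", captured, 16)[0]
    tcp_off = 14 + ihl
    sport, dport = struct.unpack_from("!HH", captured, tcp_off)
    data_off = (captured[tcp_off + 12] >> 4) * 4   # TCP header length in bytes
    http = captured[tcp_off + data_off:]
    cookie = None
    # Drop the request line and the last piece, which may be a cut-off line.
    for line in http.split(b"\r\n")[1:-1]:
        if not line:                               # blank line ends the headers
            break
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"cookie":
            cookie = value.strip().decode("latin-1")
    return {"sport": sport, "dport": dport, "ip_len": ip_len, "cookie": cookie}

FRAME = build_frame(PAYLOAD)

if __name__ == "__main__":
    for snaplen in (65535, 115, 68):
        d = dissect(capture(FRAME, snaplen))
        print(f"snaplen={snaplen}: {d['sport']} > {d['dport']} "
              f"ip_len={d['ip_len']} cookie={d['cookie']}")
```

The IP length field still reports the on-the-wire size when the capture is truncated, because it is read from the header rather than measured from the captured bytes.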