Wireshark · Ethereal-dev: Re: [Ethereal-dev] Resend: Another new feature for Ethereal.

["Greg Morris" <GMORRIS@xxxxxxxxxx>]

Ian,

 

I'm glad you like it... I spent a lot of time working on these. I wasn't real familiar with GTK or the internal workings of Ethereal so it took quite a bit of investigation to get these to functionally work. There may be better or cleaner ways of doing the same things but most of the code was aquired from other components in Ethereal and then modified to do the work. I have made some additional changes with the progress bar dialogs for this feature and plan to upload them later today. I appreciate the comments. I also look forward to seeing Ronnie's top talkers.

 

Also the find window is now quite cluttered. I would like to clean it up but need some input from other developers/users on how to best present the dialog. I was thinking that it would be better to have the options in the drop down box to exclude the unicode options and just provide a checkbox/pushbutton to enable/disable unicode searches. Much like the case insensitive switch. Then the drop down box would just be able to select ASCII/EBCDIC/etc...

 

Then the source optons hex/decode/summary should be enclosed in a box marked as Source Window. Also the filter button only be available when the filter radio button is selected (as you suggested). Finally, all of the search types of filter/hex/string be enclosed in a box labled as Search Type. What do you think?

 

So, Pardon the text representation.

 

|Find:                                                 |

|________________________________|

|     Filter: XXXXXXXXXX                      |

|________________________________|

|Search Type                                      |

|    Filter           Hex           String         |

|________________________________|

|Source Window                                 |

|   Summary      Decode      Hex           |

|________________________________|

|String Type                                       |

|                      ASCII                          |

|________________________________|

|                            Ok          Cancel     |

|________________________________|

 

Greg

>>> Ian Schorr <spamcontrol2@xxxxxxxxxxx> 8/12/2003 10:40:39 AM >>>

These are great, Greg.

I checked both this and the find patch out last night.  The new find
functionality is great, and works exactly as I'd hoped.  Very useful indeed.

It'd be great to see both these host statistics and Ronnie's Top Talkers
list feature both implemented in Ethereal - I'd love to be able to see
both information by host and by conversation.

Ian

Greg Morris wrote:

> Since this has not been committed yet, I am resending this patch. I
> updated the file showconversations.c to cleanup memory by issuing a
> epan_dissect_free within each of the table loops.
> 
> Greg
> 
> Many users of Sniffer like the Matrix option - Which allows you to see
> the conversations between different layers. I have been working on a
> new Tools Menu option called "Show Conversations". I know it is really
> not the correct technical term at each layer of the OSI but it should
> be close enough to allow users to identify it's purpose.
> 
> There are 4 options.
> 
> Conversations by MAC address - This is a table of the conversations
> between 2 unique MAC addresses.
> 
> Conversations by IP address - This is a table of the conversations
> between 2 unique IP addresses.
> 
> Conversations by TCP address - This is a table of the conversations
> between 2 unique IP/Ports.
> 
> Conversations by IPX address - This is a table of the conversations
> between 2 unique net/node/sockets.
> 
> Each table is column sortable. There are several common columns for
> each table.
> 
> Status - This column indicates whether the filter on this conversation
> is currently on or off.
> 
> Address - First address in the table
> 
> Address - Second address in the table
> 
> Packets - The number of packets in this conversation
> 
> Filter - The filter string to be applied if this item is selected.
> 
> Additionally the TCP table adds 2 port columns, and IPX adds instead 2
> socket columns and replaces the Address columns with a network and
> node column. See attached document for a better description.
> 
> When a show conversations option is selected the existing filter is
> read so that the new filter that will be built by the table will be
> appended. Also the table will search the current filter to determine
> if previous table filters have already been applied and will indicate
> that status in the status column. Users can add and remove filters
> dynamically and when clicking the OK button the filter will be applied
> and reflected in the filter text window of the main screen. Multiple
> items can be added or removed dynamically. Also if the user clicks on
> the reset button on the main window the filter will be reset and the
> tables will also reflect this change.
> 
> The attached files are of the current CVS on 8-6-03. I have built and
> tested on Windows platforms with GTK 1.3. All files/patches will  be
> located in the ethereal/gtk directory.
> 
> Please consider this addition to Ethereal.
> Greg
> 
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Ethereal-dev mailing list
>Ethereal-dev@xxxxxxxxxxxx
>http://www.ethereal.com/mailman/listinfo/ethereal-dev
> 
>