Ethereal-dev: Re: [Ethereal-dev] Resend: Another new feature for Ethereal.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Greg Morris" <GMORRIS@xxxxxxxxxx>
Date: Wed, 20 Aug 2003 09:09:36 -0600
Ronnie,
 
The show conversations window basically builds a list of all conversations based on the MAC, IP, TCP, or IPX headers. This allows the user to select each conversation dynamically to create the proper display filter for just the selected conversations. Since I only use Ethereal to analyze traces that I receive from customers, I never use tethereal. So, I can't really comment on whether it does more or less than -z io,users,.... does. I have attached an HTML doc that shows how this works. Sorry, but the first one I sent out was really a Microsoft Word doc instead of rtf like the extension indicated. This made it difficult to open without Word or a viewer.
 
Greg

>>> "Ronnie Sahlberg" <ronnie_sahlberg@xxxxxxxxxxxxxx> 8/20/2003 3:51:04 AM >>>
I don't know what overlap there might be.

My version is just really the same thing as tethereal -z io,users,... does
but just presented as
a clist that can be sorted by column.
I plan to enhance it to allow you to select one "conversation" and tell the
main window in Ethereal to apply a display filter that only matches the
selected "conversation".

I apologize if my ignorance of Greg's patch mistakenly thought his patch
was also just a tethereal -z io,users, clist.



One thing in the first patch I was not comfortable with was that it accessed
wiretap directly and is thus exposed to
the cap file encapsulation and the link layers instead of using the tap
system.
I will look into his patch and see what I missed in my ignorance.

If they provide different feature sets, let's just get both of them in, the
more the merrier.


What additional features than just a GUI version of -z io,users,... does
Greg's patch provide?


best regards
    ronnie sahlberg


----- Original Message -----
From: "Guy Harris"
Sent: Wednesday, August 20, 2003 4:17 PM
Subject: Re: [Ethereal-dev] Resend: Another new feature for Ethereal.


> On Wed, Aug 20, 2003 at 06:56:32AM +1000, Ronnie Sahlberg wrote:
> > Unfortunately there is some duplication of work in this area.
> > I completed a very similar feature during my travels that will create a
> > clist of all "conversations".
>
> So does your stuff implement all the same stuff Greg's does?  If not,
> how hard would it be to implement that atop your stuff?
>
> > Though it does not use the conversation mechanism in Ethereal.
>
> One problem with using it is that they're created "on demand", and it's
> hard for the "demand" to come from outside.
>

Title: New Tools menu option "Show Conversations"

 

 

You can now display all conversations contained within the current packet trace by MAC, IP, TCP, or IPX addresses.

 

MAC - Lists all conversations between each MAC address.
IP - Lists all conversations between each IP address.
TCP - Lists all conversations between each IP address and TCP port.
IPX - Lists all conversations between each IPX network, node, and socket.

 

Features: Any of the conversations windows will automatically read any other existing filters. So building complex filters should be much easier. By clicking on one of the conversations the status will change to "On" indicating that a filter is active for that conversation. When you click the OK button the filter is applied to the current packet trace and is echoed to the Display Filter text window at the bottom of the Ethereal main window.

 

 

 

Another neat feature is that each column is sortable. So within each conversation window you can click on the column header to sort by that column. The default sort is for the first address column. But you can change that to meet your needs by clicking on the desired column header. Also note that the numerical sort is a limitation in GTK that I have no control over. So when you click to sort on the Packets column 1, 10, and 100 would come before 2, 3, 4, etc...

 

If you build a filter via the conversation windows you can easily remove it by clicking on the Reset button on the main window. You can also turn off each filter individually by clicking on the conversation until the status is displayed as "Off".
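
The following is an added illustration, not code from this thread or from either patch: a Python sketch of the TCP case described above, grouping packets into direction-independent conversations, sorting the packet counts numerically, and building a display filter for the selected rows. The packet tuples are constructed sample data and the function names are hypothetical; `ip.addr` and `tcp.port` are the standard display filter fields.

```python
from collections import Counter

# Constructed sample: (src_ip, src_port, dst_ip, dst_port) per TCP packet.
PACKETS = [
    ("10.0.0.5", 40112, "192.0.2.10", 80),
    ("192.0.2.10", 80, "10.0.0.5", 40112),
    ("10.0.0.5", 40112, "192.0.2.10", 80),
    ("10.0.0.7", 51500, "192.0.2.10", 443),
    ("192.0.2.10", 443, "10.0.0.7", 51500),
] + [("10.0.0.9", 33000, "198.51.100.4", 22)] * 10


def tcp_conversations(packets):
    """Count packets per TCP conversation, ignoring direction."""
    counts = Counter()
    for src, sport, dst, dport in packets:
        # Order the two endpoints so A->B and B->A share one key.
        key = tuple(sorted([(src, sport), (dst, dport)]))
        counts[key] += 1
    return counts


def sort_by_packets(counts):
    """Sort rows on the integer count; a text sort would put 10 before 2."""
    return sorted(counts.items(), key=lambda item: item[1], reverse=True)


def conversation_filter(key):
    """Display filter matching both directions of one conversation."""
    (ip_a, port_a), (ip_b, port_b) = key
    return (f"(ip.addr == {ip_a} && ip.addr == {ip_b} && "
            f"tcp.port == {port_a} && tcp.port == {port_b})")


def combined_filter(selected):
    """OR together the filters of every conversation switched "On"."""
    return " || ".join(conversation_filter(key) for key in selected)


if __name__ == "__main__":
    ranked = sort_by_packets(tcp_conversations(PACKETS))
    for key, count in ranked:
        print(count, key)
    # Select the busiest and the quietest conversation.
    print(combined_filter([ranked[0][0], ranked[-1][0]]))
```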