I would like a few more utilities with Ethereal ...
1. A command-line filter program that can go through a captured file and
extract all packets that match a particular filter expression and write
them to an output file.
2. A subroutine that can identify a packet for me, returning perhaps a
dissect tree that I can query ...
Now, while I think Ethereal can be bent and twisted to do the first (as it
is really a case of passing it a filter expression, and telling it to
display nothing) and then writing out the packets selected by the filter
expression, I think perhaps it cannot easily do the second.
In the second case, I envision a routine called walk-dissect-tree that
takes a dissect tree and an array of callback routines? and walks the tree
and calls the appropriate callback for each protocol in the tree.
This would be useful in being able to produce reports about capture files.
It would also be useful in other areas ...
Regards
-------
Richard Sharpe, sharpe@xxxxxxxxxx, Master Linux Administrator :-),
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course
