Wireshark · Ethereal-dev: Re: [ethereal-dev] Checked in code to write "snoop" and NetMon capture files

Ethereal-dev: Re: [ethereal-dev] Checked in code to write "snoop" and NetMon capture files

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gilbert Ramirez <gram@xxxxxxxxxx>

Date: Sat, 04 Dec 1999 00:12:24 -0600

On Fri, Dec 03, 1999 at 09:20:30PM -0800, Guy Harris wrote:
> 
> NetMon didn't like the NFS packets from Gilbert's capture any more than
> "snoop" or Ethereal did.  Current score: network analyzers 3, Linux
> 2.2.14-pre10 NFS client code 0. :-)

I see that 2.2.14-pre11 is out now, but the notes didn't mention any
fix to my problem, as far as I could tell. I posted my report to
linux-kernel, but have received no feedback yet. Unless I get a fix
over the weekend, I'll test pre11 at work on Monday.

I enjoyed working with Ethereal today on the 14MB file. The ethereal
process used about 80 MB of memory, and was a bit slow, but usable.
The colorization routines helped out alot, especially being able to
set color by any arbitrary display filter. What I sorely missed
was the ability to filter on FT_STRINGs, or search within byte ranges.

I would have liked to do:
	nfs.name == "capture_dlg.c"

or search for a string anywhere in the nfs section:
	nfs[0] =~ /capture_dlg\.c/

More stuff for the TODO list...

--gilbert

Follow-Ups:
- [ethereal-dev] New parser
  - From: Thomas Parvais

References:
- [ethereal-dev] Checked in code to write "snoop" and NetMon capture files
  - From: Guy Harris

Prev by Date: Re: [ethereal-dev] how to handle etypes < maxlen
Next by Date: Re: [ethereal-dev] Short packets / Bad data
Previous by thread: [ethereal-dev] Checked in code to write "snoop" and NetMon capture files
Next by thread: [ethereal-dev] New parser
Index(es):
- Date
- Thread