Wireshark · Ethereal-dev: [Ethereal-dev] Two ideas for new capabilities

Ethereal-dev: [Ethereal-dev] Two ideas for new capabilities

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Sat, 19 Jun 2004 22:45:51 +0200

Hello.

I would like to suggest two new capabilities ethereal/tethereal should have:

1. When working in file-reading mode there is no need for using so much 
memory. I would suggest that in that mode the buffers could be deleted when 
they aren't used any more (they have been filtered and outputed) or at least 
truncated to a small size and with a file offset that would indicate where in 
the input file the packet can be re-read if needed.

2. There could be a way of saying something like that: Filter out only packets 
that produced a lot of network trafic for a specified timeblock. This would 
allow someone to simply log down all DDOS attacks to the disk (assuming he has 
a faster hard drive than network card - so that it can be written in time). 
The best would be if you could specify the size of the time interval that 
interests you and how many packets need to be sent in it that they are 
filtered out. For example more than 2000 packets in 1 minute would indicate 
strange activities in a not-actively used subnetwork that isn't capable of 
transfering large files.

I hope some of this will soon be added to tethereal.


       weiss

____________________
http://www.email.si/

Follow-Ups:
- Re: [Ethereal-dev] Two ideas for new capabilities
  - From: Guy Harris

Prev by Date: RE: [Ethereal-dev] tethereal -G reports duplicated fields
Next by Date: Re: [Ethereal-dev] [PATCH] Make Net-SNMP Optional for VC++ Build
Previous by thread: [Ethereal-dev] plurality vs. PLURALIZE
Next by thread: Re: [Ethereal-dev] Two ideas for new capabilities
Index(es):
- Date
- Thread