Ethereal-dev: Re: [Ethereal-dev] No further comments on the 'User's guide'preview?!?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Ulf Lamping <[email protected]>
Date: Thu, 29 Jul 2004 20:53:12 +0200
Martin Regner wrote:

>Below are some of the things I have marked (however just written down quickly, but I
>hope you understand what I mean anyway).
Well, hopefully I do.

>Chapter 1.7.2 (page 10)  Reporting problems:
>* Maybe we could give hints about reading the FAQ and searching the Ethereal web-site/news-groups
I've added a section about the FAQ.
I've added a tip that the mailing lists are searchable (is that what you mean?)
>* Add a Note: Don't send capture files with sensitive/confidential information (passwords) to the mailing list

>Chapter 1.7.4 (page 11)  Reporting crashes on Windows platforms
>* Could be improved later on (maybe some comments about DrWatson logs or using Visual C++)
As I'm only using the MSVC debugger together with the pdb's, I don't know how to use DrWatson and what can be done with it :-(

>Chapter 3.15  (page 49)  the "Packet list" pane
>* Maybe change "you will see the information from the highest possible level only"
>"you will normally see information from the highest possible level only"
I've added "typically" to the sentence

>Chapter 5.2.2  (page 68)  Input File Formats
>* Add a Note: It may not be possible to read some formats dependent on the packet types captured.
>Ethernet captures are normally supported for most file formats, but other packet types may not be possible to read
>for some file formats.
added a slightly changed note, please review

>Chapter 5.3.2  (page 71)  Output File Formats
>* Add a Note: Other protocol analyzers may require that the file has a certain suffix
>in order to read the files you generate with Ethereal.
> ".ENC" for  Network Associates Sniffer DOS-format
> ".DMP" for Tcpdump/libpcap
> ".CAP" for Network Associates Sniffer Windows

>The Syngress book about Ethereal has useful information about how you can transfer captures
>to/from other protocol analyzers. It may be good to add some similar things later on.
I don't have that book and I don't want to break their copyright. However, it might be a good idea.

>Chapter 6.3 (page 93 -94) Building display filter expressions
>* Explain why the filter "ip.addr !=" normally isn't as useful as "ip and !(ip.addr =="

>Chapter 7.3  (page 110) Packet Reassembling
>* Mention that you may have to change some preference settings for (IP/TCP,...) in order to get packet
>reassembly to work
I've added a note

>Chapter 8.8  (page 125) The protocol specific statistics
>* We should probably add some details about RTP Analysis later on, and other statistics ...
Well, that's already mentioned, here's some more work to be done.

>Chapter 9.4.2  (page 137-138)  User Specified Decodes
>* We should maybe add some information that it will not always be possible to
>force dissection with the Decode As functionality.
>- dissector hasn't been registered for udp.port
>- there is a conversation that has higher priority
>- the dissector rejects dissection of the packet
>- ...
Could you send a more detailed text about it, as I don't have much knowledge on this topic (I don't use "Decode as" a lot).

>Things that could be good to add:
>* Some things from the FAQ could be added at suitable places in the user guide (and/or we could refer to the FAQ on
>certain places).
I've added this to my todo list, but as I want to release the guide soon, I would think this will be done in the next release.

>* Maybe add a table similar to the supported media table
I've added a subsection "1.1.3. Live capture from many different network 
media" to the "1.1 What is Ethereal" section, pointing to that webpage.