Ethereal-users: Re: [Ethereal-users] setting output format from Ethereal structures

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Mike Wakerly <mikew@xxxxxxxxxxx>
Date: Mon, 24 Jun 2002 10:18:12 -0700 (PST)
>> The only way I can see this being done right
>> now is either parsing the text output of tethereal
>> -V (which is expensive)
>
>Why do you think this to be expensive? If there is a 
>display filter for this field, then you just need to 
>run the capture through this filter and only grep 
>through those packets, that contain the field you are 
>looking for.

Isn't it? Well, I may be wrong. But, in verbose text
form, a single request (from e.g. NFS) looks to be ~2000
bytes, when I am only interested in say, maybe 8 bytes
in total. So I have to regexp that whole block of
text. Yes, there are more efficient ways to do it
("Okay, well, I can seek straight past the first N
bytes of the file, because I know I don't need the
Ethernet, UDP, RPC headers, etc..") but this seems
kludgy even just for the simplest case. Supposing
several thousand operations needed per second, and you
can see why I might be more concerned about resource
use. Or maybe I want to store 50,000 file handles from
requests in a file. (Though in these cases I guess the
answer is: don't use a general purpose tool!)

I guess I would just like some way to play -- inside
Ethereal -- with all these nice structures that have
been made for all the dissectors -- seeing how pretty
they are in a man page, what a tease!

Take care,
Mike