I needed a network analyzer today and discovered Ethereal.
I'm impressed. The list of features is impressive.
The list of protocols is impressive. The list of platforms
is impressive. The build schedule and list of mirrors is
impressive. The web site is impressive because it is so
simple and so useful. My thanks and appreciation to the
huge cast that has contributed to Ethereal.
Now for my problem. I have used other network analyzers
that had a general way to replace an address by a name.
I searched the help file, the documentation, and the menus,
but I could not find that in Ethereal. I did find a way
to replace the vendor portion of an ethernet physical
address with a name, provided it was known to Ethereal.
I also found a way to replace a TCP/IP address with a
name. (See below why this is not useful to me.)
I suspect it is there, but I could not find it. Any pointers
gratefully received.
Just in case it is not there, here are a few thoughts
about providing it.
Something as simple as the C #define might go a long way.
Be sure to only make substitutions on full lexical entities.
Any substitution facility need not be limited to addresses.
Any combination of fields could be used. If the fields are
not adjacent make the substitution at the first field and
suppress the defined fields after the missing fields.
I'm afraid I wandered away from the user topic. If any of the
developers or designers want to discuss this further I'm
willing to join whatever thing it takes.
My home LAN gets IP addresses from the ISP. Leases expire in
only three days and I suspect the interval will get shorter.
Systems are often off long enough for leases to expire.
The time between when I change NICs is long enough for me
to be willing to revise any filters.
Thanks again for this powerful tool.
