Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Ethereal-users: Re: [Ethereal-users] Stop conditions and triggering

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Stef <stefmit@xxxxxxxxx>
Date: Wed, 30 Mar 2005 07:48:20 -0600
On Tue, 29 Mar 2005 22:38:14 -0500, David Flagg <dpflagg@xxxxxxxxxxxxx> wrote:
>  
> Has a capability to trigger on a specific condition (e.g., a RESET flag in a
> TCP segment) and then stop capturing been implemented in Ethereal?  Even
> better: set up a ring buffer and a variable trigger point (10%, 50%, 75%,
> etc. - 75% would mean capturing would continue until 75% of the buffer is
> filled with pre-trigger packets, 25% post ---> like a logic analyzer). 
>   
> I have seen several posts in the archives discussing various
> implementations, but nothing concrete.  It seems like this would be a great
> and very useful capability. 
>   
> Should I post to ethereal-dev? 

I am probably posting this the "n"-th time, but I still don't
understand why people don't want to do this in snort - it has all
that, it is avaiilable as ethereal is (i.e. for every platform, and
freely), and you can safely save the output in a pcap file, to
analyze, later on, with (t)ethereal ...

Stef