[svlug] Re: Ethereal Gripe

Richard Sharpe rsharpe at richardsharpe.com
Wed Aug 20 13:03:28 PDT 2003

On Wed, 20 Aug 2003, David E. Weekly wrote:

> > I know of at least one large NAS company that is very unhappy with their
> > very expensive to maintain packet capture and analysis program give that
> > Ethereal, which is developed by a 'horde of mongrels' (according to sales
> > staff of the company that develops said program), beats the pants off of
> > it in almost every department.
> Ethereal is really kick ass 95% of the time.
> For the other 5%, I wish:
>     - I could cut and paste (big PITA)

Groan, yes, I know. I tried to do this recently and couldn't.

>     - I could save as text

Hmmm, hadn't thought of this need. This will need some discussion as to 
what needs to be saved.

>     - I could easily drop in new protocol specifications without writing
> code

We have talked about this time and time again. There are several 
approaches ranging from:

  - A programming language, like maybe Python, in Ethereal that can do 
dissections easier than writing C code.
  - A protocol specification language that you pass through a tool to
generate C code
  - A pointy-clicky thing that allows you to select ranges of bytes and 
specify what they are and allowed values etc.

All require lots of work and the horde of mongrels are afraid of work :-)

> I'm sufficiently not-sharp that I'm willing to believe that Ethereal *does*
> all of this and I just don't know about it - anyone care to inform me?

Nope, there are not ways to do these things, I believe.

Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, 
sharpe[at]ethereal.com, http://www.richardsharpe.com

More information about the svlug mailing list