On Sunday 27 Jul 2003 6:13 am, Mark Holloway wrote:
> I realize
>
> #1 - So called Expert Reporting in commercial packet capture apps
> is only as good as what the network administrator sets the parameters
> to (based in his own network). In Fluke Protocol Expert, for
> example, it flags packets with ack time longer than 200 ms using red
> background color and white text. However, this default setting is
> not appropriate for my WAN as most of my PIX to PIX VPNs have ACK
> time around 200ms, as expected.
>
> #2 - Some of the parameters in Protocol Expert's expert reporting
> _are_ very useful for me. I was performing a packet capture from a
> Stratus Continuum trying to resolve many issues, and one of the
> things that Protocol Expert immediately detected was IP Checksum
> errors from the Stratus. I realize in Ethereal I can set a display
> color filter to make these kinds of issues easier to spot. There are
> so many items that can be displayed in Ethereal with various color
> combinations, I suppose one could build their own "Expert Reporting"
> so to speak. No? In one sense ethereal makes it very easy (although
> time consuming) to build as many color-based flagging parameters as I
> want. The nice thing about Protocol Expert, Sniffer, and Etherpeek
> is that they give you a summary pane showing you all the "expert"
> flags, so theoretically even after I've tweaked the expert system, I
> still benefit from that summary pane. In ethereal I guess it would
> be more geared around creating various color coded "warnings" for
> different parameters since there is no summary pane based on number of
> "red" flags vs. "blue" flags.

The ideal would be an addition to Ethereal, similar to colors, which ran
before the colors system on all packets, added a single field to the
decode for colors to pick up and prefixed a user-defined string to the
info column depending on which of its filters had triggered.

-- 
Richard Urwin
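
The rule stage discussed in this thread, sketched as an added example (not code from the thread or from Ethereal): ordered user-defined rules set one "expert" field per packet, prefix the info column, and feed a summary count, with the ACK threshold left tunable per site. The rule names, record layout, sample packets and the 400 ms tuned value are all constructed for illustration.

```python
import struct
from collections import Counter

def ipv4_checksum_ok(header: bytes) -> bool:
    """A valid IPv4 header's 16-bit words sum (one's complement) to 0xFFFF."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def make_rules(ack_limit_ms):
    """Ordered (flag, predicate) pairs; the threshold is site-specific."""
    return [
        ("IP-CKSUM", lambda p: not ipv4_checksum_ok(p["ip_header"])),
        ("SLOW-ACK", lambda p: p["ack_ms"] is not None and p["ack_ms"] > ack_limit_ms),
    ]

def annotate(packets, rules):
    """Add an 'expert' field, prefix the info column, and count flags."""
    summary, out = Counter(), []
    for p in packets:
        flag = next((name for name, test in rules if test(p)), None)
        q = dict(p, expert=flag)
        if flag:
            q["info"] = "[%s] %s" % (flag, p["info"])
            summary[flag] += 1
        out.append(q)
    return out, summary

# Constructed sample data: one valid IPv4 header, and a copy whose TTL was
# changed (0x40 -> 0x3f) without recomputing the checksum.
GOOD = bytes.fromhex("45000073000040004011b861c0a80001c0a800c7")
BAD = bytes.fromhex("45000073000040003f11b861c0a80001c0a800c7")
PACKETS = [
    {"ip_header": GOOD, "ack_ms": 180, "info": "TCP ACK"},
    {"ip_header": BAD, "ack_ms": None, "info": "UDP"},
    {"ip_header": GOOD, "ack_ms": 210, "info": "TCP ACK"},
]

if __name__ == "__main__":
    for limit in (200, 400):                # default vs. tuned for a slow WAN
        rows, summary = annotate(PACKETS, make_rules(limit))
        print("ack limit %d ms -> %s" % (limit, dict(summary)))
        for r in rows:
            print("  %-9s %s" % (r["expert"] or "-", r["info"]))
```

A color filter would then match on the single `expert` field instead of repeating each rule's condition.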