Ethereal

Re: [ethereal-dev] proto_tree discussion
Google
 
Web Ethereal.com

Home | Introduction | Documentation | Lists | FAQ | Development | Wiki | Bugs

Main Index | Thread Index | Mailing Lists | | Date Prev | Date Next | Thread Prev | Thread Next

Ethereal-dev: July 1999

 

> 1. The display filter syntax in ethereal would be different from and
> incompatible with the capture filter syntax (libpcap). Users would have
> to know both. A filter-creation GUI for either filter-language, or both,
> would help the situation for beginning users. A translator to convert
> from one to the other *might* be possible.

If we turn "wiretap" into a full "pcap" replacement, complete with the
ability to do live captures, we could perhaps give it a capture filter
syntax similar to the display filter syntax of Ethereal.

> 3. Ethereal display filters are slower than libpcap display filters, since
> libpcap uses byte-compiled BPF instructions.

...but they do more work.

> Perhaps the
> goal should be the ability to filter on all useful fields. But utility
> is in the eye of the user...

Precisely.

Powered by MHonArc 2.6.10

Please send support questions about Ethereal to the ethereal-users[AT]ethereal.com mailing list.
For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com.
Last modified: Fri, November 10 2006.
"Ethereal" and the "e" logo are registered trademarks of Ethereal, Inc.