[ethereal-dev] wanted - tethereal: tcp segment dumps

[Neal McBurnett <nealmcb@xxxxxxxxx>]

I just ran across ethereal.  Thanks for a wonderful program!

One feature that I've wanted for a long time in sniffing programs is
something suitable for analyzing TCP-based ASCII protocols like http
and smtp.

When running ethereal itself, the Tools/Follow TCP Stream
feature is nice.

But it would be really handy to be able to do that with tethereal
also, via an option that takes a filter or (when reading a capture
file) a packet number to indicate which tcp stream to watch.

It would help to provide output in a format that differentiates
packets sent in each direction.  The hex version of the TCP Stream
display in ethereal does that, but the ascii display doesn't provide
any differentiation.  A hex/ascii format would be great.

Also, a way to save the captured stream data in a file would be
very helpful.  Hmmm - maybe an XML format for describing the data
would be handy - does such a thing exist?  It could provide
timestamps, separation of streams in each direction, etc.

Outputing two files, one showing the stream from A to B and the other
showing it from B to A would be easier, and also very handy.

Are there other programs that do this already?

Cheers,

Neal McBurnett <neal@xxxxxxxxxxxxxxxxx>  303-538-4852
Avaya Communication / Internet2 / Bell Labs / Lucent Technologies
http://bcn.boulder.co.us/~neal/      (with PGP key)