Hi People,

During the last few months I've been writing a configurable upper level analysis engine for ethereal.

MATE is an ethereal module that allows the user to specify how different frames are related to each other. To do so, MATE extracts data from the frames' tree and then, using that information, tries to group the frames based on the rules from the configuration file. Once the PDUs are related, MATE will create a "protocol" tree with fields the user can use to filter. The fields will be almost the same for all the related frames, so one can filter a complete session spanning several frames containing more protocols based on an attribute appearing in some frame belonging to it. Other than that, MATE allows filtering frames based on response times of transactions, number of PDUs in a group and many more.

MATE is described in http://wiki.ethereal.com/Mate

MATE's goal is to enable users to filter frames based on information extracted from other related frames or information on how frames relate to each other. MATE was written to help troubleshooting gateways and other systems where a "use" involves more protocols. However, MATE can be used as well to analyze other issues regarding an interaction between packets like response times, incompleteness of transactions, presence/absence of certain attributes or conditions in a group of PDUs and more.

Some example configurations can be found in http://wiki.ethereal.com/Mate_2fExamples

In http://wiki.ethereal.com/Mate_2fTutorial there's a brief configuration tutorial where MATE gets configured to group all the PDUs of a web visit (that is, DNS and all the HTTP sessions) to allow the user to filter, for example, on the time taken to load the whole page.

MATE is pretty close to delivery. As such, MATE needs volunteers that know how the protocols they work with interact with each other. The goal: to help improve MATE; there are several things still to do.

Information on how to obtain and install MATE on your system can be found in: http://wiki.ethereal.com/Mate_2fTesting

- We are missing plugin binaries for platforms other than Mac OS X and Windows; it would be nice if someone could build them and make them available.
- Naturally, there are bugs in the code; we have to find them.
- The examples collection and library is far, far away from complete. It would be nice, for both the sake of completeness and testing, that more people contribute example configurations and "library modules". You can do it by updating the wiki pages: http://wiki.ethereal.com/Mate_2fLibrary and http://wiki.ethereal.com/Mate_2fExamples .
- As said before, MATE's embryonic documentation can be found in http://wiki.ethereal.com/Mate. So far it is not close to complete. Not even good; I'm not a good writer. It *REALLY* needs an editor, any volunteers out there?
- So far there has been very little feedback on what to add and how to improve MATE. Suggestions are always welcome. In http://wiki.ethereal.com/Mate_2fDiscussion there is a list of improvements planned for MATE; you might have your own.

Best Regards,
Luis Ontanon