hello. while working with ethereal on heavily loaded networks, i often remembered nice feature of (e.g.) Tektronix analyzer, it has two filters, with one i can filter at the moment packet arrives and to drop unwanted packets immediately, the other filters output (as in Ethereal).
Well, you might say libpcap plays the role for the former in Ethereal, but pcap does not know many protocols Ethereal does, so this is not as effective i use it mostly for narrowing sniffing scope like 'udp and port 3386'. well, i think 'gtpv0.tid == "1234567890abcdefg"' would be better for the purpose... however, on a loaded network, Ethereal quickly becomes so huge in memory that makes it very ineffective for continuous network analysis, also it makes it ineffective when working with huge dump files. what if there would be an additional filter in capture start and open windows, allowing to select Ethereal filter to pass only desired traffic? please include me in Cc: since i'm not on the list. thanks! -- Denis A. Doroshenko, GPRS engineer Omnitel Ltd., T. Sevcenkos st. 25, Vilnius, Lithuania [EMAIL PROTECTED], +370 2 262188
