I realize 
 
#1 - So-called Expert Reporting in commercial packet capture apps is only as good as 
what the network administrator sets the parameters to (based on his own network).  In 
Fluke Protocol Expert, for example, it flags packets with ack time longer than 200 ms 
using red background color and white text.  However, this default setting is not 
appropriate for my WAN as most of my PIX to PIX VPNs have ACK time around 200ms, as 
expected.  
 
#2 - Some of the parameters in Protocol Expert's expert reporting _are_ very useful 
for me.  I was performing a packet capture from a Stratus Continuum trying to resolve 
many issues, and one of the things that Protocol Expert immediately detected was IP 
Checksum errors from the Stratus.  I realize in Ethereal I can set a display color 
filter to make these kinds of issues easier to spot.  There are so many items that can 
be displayed in Ethereal with various color combinations, I suppose one could build 
their own "Expert Reporting" so to speak.  No?  In one sense Ethereal makes it very 
easy (although time-consuming) to build as many color-based flagging parameters as I 
want.  The nice thing about Protocol Expert, Sniffer, and Etherpeek is that they give 
you a summary pane showing you all the "expert" flags, so theoretically even after 
I've tweaked the expert system, I still benefit from that summary pane.  In Ethereal I 
guess it would be more geared around creating various color coded "warnings" for 
different parameters since there is no summary pane based on number of "red" flags vs. 
"blue" flags.  
 
Has anyone tried making their own Expert-like system in Ethereal?
 
Regards,
Mark
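
Added example, not part of Mark's message and not Ethereal or Protocol Expert code: a minimal "summary pane" that counts the two flags the post mentions (IP checksum errors and ACK time over a threshold), with the threshold tunable per network. All function names and the sample records are constructed for illustration.

```python
import struct
from collections import Counter

def ipv4_checksum_ok(header: bytes) -> bool:
    """RFC 1071 check: the folded one's-complement sum of every 16-bit
    header word, checksum field included, must equal 0xFFFF."""
    if len(header) < 20 or len(header) % 2:
        return False
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def build_header(src: str, dst: str, corrupt: bool = False) -> bytes:
    """Construct a 20-byte IPv4 header (sample data), optionally with a bad checksum."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                                addr(src), addr(dst)))
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    csum = ~total & 0xFFFF
    if corrupt:
        csum ^= 0x0101          # deliberately wrong value
    hdr[10:12] = struct.pack("!H", csum)
    return bytes(hdr)

def expert_summary(records, ack_threshold_ms=200.0):
    """records: iterable of (ip_header_bytes, ack_time_ms or None).
    Returns a Counter of flag name -> number of packets flagged."""
    flags = Counter()
    for header, ack_ms in records:
        if not ipv4_checksum_ok(header):
            flags["ip_checksum_error"] += 1
        if ack_ms is not None and ack_ms > ack_threshold_ms:
            flags["slow_ack"] += 1
    return flags

# Constructed sample capture: (IPv4 header, measured ACK time in ms)
SAMPLE = [
    (build_header("10.0.0.1", "10.0.1.1"), 195.0),
    (build_header("10.0.0.1", "10.0.1.1"), 210.0),
    (build_header("10.0.0.9", "10.0.1.1", corrupt=True), None),
    (build_header("10.0.0.1", "10.0.1.1"), 450.0),
]

if __name__ == "__main__":
    print("default 200 ms:", dict(expert_summary(SAMPLE)))
    print("tuned 300 ms (assumed value):", dict(expert_summary(SAMPLE, 300.0)))
```

Raising the threshold for a link whose normal ACK time sits near 200 ms removes the false "slow" flags while the checksum count stays the same.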