forked from hauke/wireshark
TODO
$Id: TODO,v 1.12 2003/05/28 22:58:46 guy Exp $
Things to do:
=============
*) Protocol dispatchers, allowing run-time setting of protocol "chaining"
(i.e., UDP port X calls dissector Y)
*) Work on packet capturing in wiretap - or just make it a wrapper
around libpcap/WinPcap, hiding some of the stuff Ethereal and
Tethereal currently have to do independently
*) Either as part of the previous item, or as a capture-filter
translator that generates "libpcap"-style capture filter expressions,
provide a capture filter syntax similar to the display filter syntax.
(The syntax differences get in the way of users; the fact that you have
to construct some filters by hand, e.g. looking only for initial SYN
packets for TCP connections by doing bit-testing of the flags in a TCP
header, has been a pain for some users; and people have asked for
capabilities that aren't conveniently available, or aren't available at
all, in "libpcap"-style capture filters:
    the ability to filter on characteristics of IPX packets;
    the ability to select, for example, TCP packets with port
    numbers *greater than* a particular value, which in "libpcap"
    filters you have to do by explicitly testing subfields of the
    TCP header rather than doing "tcp.port > 1000";
    etc.)
*) I just discovered that sshd sets the SSH_CLIENT variable to source IP,
source port, and destination port. That coupled with a destination IP
would give us enough information to carry out remote protocol capturing,
tcpdump over ssh:
    ssh remotehost tcpdump -s 2000 -w - filter,
where "filter" filters out our own ssh packets (using the information
from $SSH_CLIENT). Any takers?
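The capture-over-ssh idea above, worked through as an added POSIX shell example (not code from the Ethereal/Wireshark tree): sshd sets SSH_CLIENT to "client-ip client-port server-port" in the remote session, so a filter excluding that one TCP connection can be built there. The helper names ssh_client_filter and remote_capture_cmd, the host name remotehost and the sample SSH_CLIENT value are assumptions.

```shell
#!/bin/sh
# Added example. Builds the "filter" from the TODO item: exclude the ssh
# session that carries the capture back, so tcpdump does not loop on its
# own traffic. ssh_client_filter and remote_capture_cmd are hypothetical names.

# ssh_client_filter SSH_CLIENT_VALUE [USER_FILTER]
# Prints a libpcap filter that drops the ssh connection described by the
# SSH_CLIENT value ("client-ip client-port server-port"), AND-ed with the
# optional user filter. Returns 1 on a malformed value.
ssh_client_filter() {
    sshc=$1
    user=$2
    # Split the three space-separated fields into $1 $2 $3 (function-local).
    set -- $sshc
    [ $# -ge 3 ] || { echo "malformed SSH_CLIENT: '$sshc'" >&2; return 1; }
    cip=$1; cport=$2; sport=$3
    own="not (host $cip and tcp port $cport and tcp port $sport)"
    if [ -n "$user" ]; then
        echo "($user) and $own"
    else
        echo "$own"
    fi
}

# remote_capture_cmd HOST [USER_FILTER]
# Prints the local command line. SSH_CLIENT only exists inside the remote
# login session, so the filter is assembled by the remote shell; the single
# quotes keep $SSH_CLIENT and $1..$3 from expanding locally. Remote tcpdump
# writes pcap to stdout (-w -), which ssh carries back to remote.pcap.
remote_capture_cmd() {
    host=$1
    user=$2
    userfilt=""
    [ -n "$user" ] && userfilt="($user) and"
    printf "ssh %s 'set -- \$SSH_CLIENT; exec tcpdump -s 2000 -w - \"%s not (host \$1 and tcp port \$2 and tcp port \$3)\"' > remote.pcap\n" \
        "$host" "$userfilt"
}

# Constructed sample SSH_CLIENT value, as sshd would set it on the remote side.
SAMPLE_SSH_CLIENT="192.0.2.10 51234 22"
ssh_client_filter "$SAMPLE_SSH_CLIENT" "port 80"
remote_capture_cmd remotehost "port 80"
```

The remote tcpdump still needs capture privileges on remotehost, and the local side is the only place the pcap lands.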
*) Of course, packet defragmentation. We currently reassemble:
    IP fragments
    IPv6 fragments
    OSI CLNP segments
    ONC RPC-over-TCP and DCE RPC fragments
    802.11 fragments
    X.25 packets with M set
    ATP fragments
    EAP/TLS fragments
    Fibre Channel fragments
    Netware NDPS fragments
    NBF fragments
    Fragmented SNA BIUs
    TDS (Sybase/Microsoft SQL Server) fragments
    WTP fragments.
and currently support, for many protocols running atop TCP and the
SMB pipe protocol, reassembling the data stream and breaking the
resulting stream into higher-level packets. We want to support that
for more TCP-based protocols; we might also want to reassemble:
    NBDS
    PPP Multilink
and possibly other protocols.
*) I'd like to someday re-write the display filter routines to have a more
powerful syntax.
*) More on-line help, and neato things with the protocol tree and
right-clicks.
*) A GtkClist replacement, with dynamic columns, allowing columns to be
added, removed, or moved without having to exit and restart Ethereal.
(guy)
*) A GUI capture/display filter creator (we have stuff to add fields to
display filters, but perhaps something such as what Network Monitor has,
to add AND/OR/NOT operators, would be useful)
*) Run-time configuration of tunnelling protocols -- display tunnelled
protocol as data or as a full-fledged protocol (which subtree do we put
it under?)
*) Run-time configuration of data shown in capture statistics window.
*) A GtkWidget for authors in the About box. We've got a lot of authors!
We've currently banished the list of authors to the AUTHORS file and the
man page, which may be the right solution here.
*) Finish moving GTK-dependent code into gtk/ subdirectory.
*) Provide alternative user interfaces, e.g. other toolkits (Qt/KDE,
full GNOME, native Windows, native Aqua, etc.) and text-mode "curses".
*) Kerberos version 4 dissector - standard krb4 - from tcpdump (nneul);
we have krb5, but not krb4
*) Display filters: add regexes to strings and byte ranges