Newer
Older
$Id: TODO,v 1.9 2001/04/21 07:49:24 guy Exp $
*) Protocol dispatchers, allowing run-time setting of protocol "chaining"
*) Work on packet capturing in wiretap
*) Either as part of the previous item, or as a capture-filter
translator that generates "libpcap"-style capture filter expressions,
provide a capture filter syntax similar to the display filter syntax.
(The syntax differences get in the way of users; the fact that you have
to construct some filters by hand, e.g. looking only for initial SYN
packets for TCP connections by doing bit-testing of the flags in a TCP
header has been a pain for some users; and people have asked for
capabilities that aren't conveniently available, or aren't available at
all, in "libpcap"-style capture filters:
the ability to filter on characteristics of IPX packets;
the ability to select, for example, TCP packets with port
numbers *greater than* a particular value, which in "libpcap"
filters you have to do by explicitly testing subfields of the
TCP header rather than doing "tcp.port > 1000";
etc.)
*) I just discovered that sshd sets the SSH_CLIENT variable to source IP,
sort port, and destination port. That coupled with a destination IP
would give us enough information to carry out remote protocol capturing,
tcpdump over ssh:
ssh remotehost tcpdump -s 2000 -w - filter,
where "filter" filters out our own ssh packets (using the infromation
from $SSH_CLIENT). Any takers?
*) Of course, packet defragmentating. IP fragments are now reassembled,
but IPv6 fragments need to be reassembled and re-analyzed; we would also
want to support reassembling TCP data streams and breaking the resulting
stream into higher-level packets. Other protocols where we might want
to reassemble packets include NBDS and OSI CLNP.
*) I'd like to someday re-write the display filter routines to have a more
*) More on-line help, and neato things with the protocol tree and
*) A GtkClist replacement, with dynamic columns, allowing columns to be
added, removed, or moved without having to exit and restart Ethereal.
*) A GUI capture/display filter creator.
*) Run-time configuration of tunnelling protocols -- display tunnelled
protocol as data or as a full-fledged protocol (which subtree do we put
it under?)
*) Run-time configuration of data shown in capture statistics window.
*) A GtkWidget for authors in the About box. We've got a lot of authors!
We've currently banished the list of authors to the AUTHORS file and the
man page, which may be the right solution here.
*) Finish moving GTK-dependent code into gtk/ subdirectory.
*) Provide alternative user interfaces, e.g. other toolkits (Qt/KDE,
full GNOME, native Windows, etc.) and text-mode "curses".
*) Kerberos version 4 dissector - standard krb4 - from tcpdump (nneul);
we have krb5, but not krb4
*) Display filters: allow filtering on "enumerated" data types by name,
i.e. if a field has a "value_string" array associated with it, allow
users to specify the string associated with a value.
*) Display filters: add regexes to strings and byte ranges