Wireshark mailing list archives
Random feature and enhancements ideas (topics for Sharkfests developers room?)
From: Anders Broman <anders.broman () ericsson com>
Date: Thu, 10 May 2012 10:24:38 +0200
Hi,
Some random ideas that some one with unlimited time on their hands could dig into :-)
Seriously - I thought I'd just scribble down some things I've idly been thinking about to see if it spurs any interest
in implementing them or why it's a bad idea.
If any one is interested in any of the items listed and wants to continue the discussion break that out in a separate
email. Feel free to add to the list.
Reduce Memory usage:
- In frame_data.h it should be possible to cut down on the nstime_t structures by only having abs_ts and the others
could be offsets to that or something similar thus saving a couple of bytes per packet.
- In the reassembly routines If I remember correctly, I might be wrong I think we may waste memory for TCP. Fragments
and reassembled fragments?
- It might be possible to store file pointer and length rather than the fragment data and read in that data when
needed.
Filtering:
- We have a string with per packet protocols, could that string be saved and used in filtering - don't dissect the
packet if it does not contain the filtered protocol.
Pcap-ng
- The defined blocks are capture oriented should we define some analysis re-saving oriented ones.
- UDP/TCP/SCTP... port map similar to the NRB (think decode as)
- Read filter used ( save filtered trace)
- File history ( saved file A as B (using read filter X) ...)
- ...
https://www.winpcap.org/mailman/listinfo/pcap-ng-format
Features
- Ability to edit conversations protocol data, make it possible to edit or add data to a conversation after own
analysis.
:
Best regards
Anders
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Random feature and enhancements ideas (topics for Sharkfests developers room?) Anders Broman (May 10)
- Re: Random feature and enhancements ideas (topics for Sharkfests developers room?) Jasper Bongertz (May 10)
- Reducing memory usage by saving fewer time stamps in frame_data Guy Harris (May 10)
- Reducing memory usage by not storing reassembled packet data Guy Harris (May 10)
- Re: Reducing memory usage by not storing reassembled packet data Anders Broman (May 10)
- Using the per-packet protocols string when filtering Guy Harris (May 10)
- Re: Using the per-packet protocols string when filtering Anders Broman (May 10)
- Re: Using the per-packet protocols string when filtering Guy Harris (May 10)
- Re: Using the per-packet protocols string when filtering Anders Broman (May 10)
- Re: Using the per-packet protocols string when filtering Anders Broman (May 10)