aboutsummaryrefslogtreecommitdiffstats
path: root/TODO
blob: 9000cbfc0432825be14518508e16c8c0b95511fd (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
$Id: TODO,v 1.9 2001/04/21 07:49:24 guy Exp $

Things to do:
=============

*) Protocol dispatchers, allowing run-time setting of protocol "chaining"
(i.e., UDP port X calls dissector Y)

*) Work on packet capturing in wiretap

*) Either as part of the previous item, or as a capture-filter
translator that generates "libpcap"-style capture filter expressions,
provide a capture filter syntax similar to the display filter syntax. 
(The syntax differences get in the way of users; the fact that you have
to construct some filters by hand, e.g.  looking only for initial SYN
packets for TCP connections by doing bit-testing of the flags in a TCP
header has been a pain for some users; and people have asked for
capabilities that aren't conveniently available, or aren't available at
all, in "libpcap"-style capture filters:

	the ability to filter on characteristics of IPX packets;

	the ability to select, for example, TCP packets with port
	numbers *greater than* a particular value, which in "libpcap"
	filters you have to do by explicitly testing subfields of the
	TCP header rather than doing "tcp.port > 1000";

	etc.)

*) I just discovered that sshd sets the SSH_CLIENT variable to source IP,
sort port, and destination port. That coupled with a destination IP
would give us enough information to carry out remote protocol capturing,
tcpdump over ssh:

	ssh remotehost tcpdump -s 2000 -w - filter,

where "filter" filters out our own ssh packets (using the infromation
from $SSH_CLIENT). Any takers?

*) Of course, packet defragmentating.  IP fragments are now reassembled,
but IPv6 fragments need to be reassembled and re-analyzed; we would also
want to support reassembling TCP data streams and breaking the resulting
stream into higher-level packets.  Other protocols where we might want
to reassemble packets include NBDS and OSI CLNP.

*) I'd like to someday re-write the display filter routines to have a more
powerful syntax.

*) More on-line help, and neato things with the protocol tree and
right-clicks.

*) A GtkClist replacement, with dynamic columns, allowing columns to be
added, removed, or moved without having to exit and restart Ethereal.
(guy)

*) A GUI capture/display filter creator.

*) Run-time configuration of tunnelling protocols -- display tunnelled
protocol as data or as a full-fledged protocol (which subtree do we put
it under?)

*) Run-time configuration of data shown in capture statistics window.

*) A GtkWidget for authors in the About box. We've got a lot of authors!
We've currently banished the list of authors to the AUTHORS file and the
man page, which may be the right solution here.

*) Finish moving GTK-dependent code into gtk/ subdirectory.

*) Provide alternative user interfaces, e.g. other toolkits (Qt/KDE,
full GNOME, native Windows, etc.) and text-mode "curses".

*) Kerberos version 4 dissector - standard krb4 - from tcpdump (nneul);
we have krb5, but not krb4

*) Display filters: allow filtering on "enumerated" data types by name,
i.e. if a field has a "value_string" array associated with it, allow
users to specify the string associated with a value.

*) Display filters: add regexes to strings and byte ranges