$Id$

Things to do:
=============

*) Protocol dispatchers, allowing run-time setting of protocol "chaining"
(i.e., UDP port X calls dissector Y)

*) Work on packet capturing in wiretap - or just make it a wrapper
around libpcap/WinPcap, hiding some of the stuff Ethereal and
Tethereal currently have to do independently

*) Either as part of the previous item, or as a capture-filter
translator that generates "libpcap"-style capture filter expressions,
provide a capture filter syntax similar to the display filter syntax. 
(The syntax differences get in the way of users; the fact that you have
to construct some filters by hand, e.g.  looking only for initial SYN
packets for TCP connections by doing bit-testing of the flags in a TCP
header has been a pain for some users; and people have asked for
capabilities that aren't conveniently available, or aren't available at
all, in "libpcap"-style capture filters:

	the ability to filter on characteristics of IPX packets;

	the ability to select, for example, TCP packets with port
	numbers *greater than* a particular value, which in "libpcap"
	filters you have to do by explicitly testing subfields of the
	TCP header rather than doing "tcp.port > 1000";

	etc.)

*) I just discovered that sshd sets the SSH_CLIENT variable to source IP,
source port, and destination port. That coupled with a destination IP
would give us enough information to carry out remote protocol capturing,
tcpdump over ssh:

	ssh remotehost tcpdump -s 2000 -w - filter,

where "filter" filters out our own ssh packets (using the information
from $SSH_CLIENT). Any takers?
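
One way to build that "filter" argument from $SSH_CLIENT, as an added example that is not part of the original TODO file or of Ethereal. The function names and the DEST_IP variable are hypothetical, the addresses are constructed, and the destination IP is assumed to be supplied by the caller.

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample values constructed.

# ssh_exclude_filter "<SSH_CLIENT value>" "<destination IP>"
# SSH_CLIENT holds: source IP, source port, destination port.
ssh_exclude_filter() {
    dst_ip=$2
    # read splits on whitespace without pathname expansion.
    read -r src_ip src_port dst_port extra <<EOF
$1
EOF
    if [ -z "$dst_port" ] || [ -n "$extra" ] || [ -z "$dst_ip" ]; then
        echo "need 'ip port port' plus a destination IP" >&2
        return 1
    fi
    # The values end up inside a filter expression, so accept only
    # address and port characters (no pcap keywords or shell syntax).
    case $src_ip$dst_ip in *[!0-9A-Fa-f.:]*)
        echo "unexpected character in address" >&2; return 1 ;;
    esac
    case $src_port$dst_port in *[!0-9]*)
        echo "unexpected character in port" >&2; return 1 ;;
    esac
    # "host A and host B" / "port P and port Q" match both directions
    # of the one ssh connection and nothing else.
    printf 'not (tcp and host %s and host %s and port %s and port %s)\n' \
        "$src_ip" "$dst_ip" "$src_port" "$dst_port"
}

# build_capture_filter "<SSH_CLIENT value>" "<destination IP>" ["user filter"]
# The optional user filter is passed through unchanged.
build_capture_filter() {
    exclude=$(ssh_exclude_filter "$1" "$2") || return 1
    if [ -n "$3" ]; then
        printf '(%s) and %s\n' "$3" "$exclude"
    else
        printf '%s\n' "$exclude"
    fi
}

# On the remote side this would be used as (DEST_IP is an assumption):
#   tcpdump -s 2000 -w - "$(build_capture_filter "$SSH_CLIENT" "$DEST_IP" "udp port 53")"
# Constructed sample values from the documentation address ranges:
build_capture_filter "192.0.2.10 51234 22" "198.51.100.5" "udp port 53"
```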

*) Of course, packet defragmentation.  We currently reassemble:

	IP fragments
	IPv6 fragments
	OSI CLNP segments
	ONC RPC-over-TCP and DCE RPC fragments
	802.11 fragments
	X.25 packets with M set
	ATP fragments
	EAP/TLS fragments
	Fibre Channel fragments
	Netware NDPS fragments
	NBF fragments
	Fragmented SNA BIUs
	TDS (Sybase/Microsoft SQL Server) fragments
	WTP fragments.

   and currently support, for many protocols running atop TCP and the
   SMB pipe protocol, reassembling the data stream and breaking the
   resulting stream into higher-level packets.  We want to support that
   for more TCP-based protocols; we might also want to reassemble:

	NBDS
	PPP Multilink

   and possibly other protocols.

*) I'd like to someday re-write the display filter routines to have a more
powerful syntax.

*) More on-line help, and neato things with the protocol tree and
right-clicks.

*) A GtkClist replacement, with dynamic columns, allowing columns to be
added, removed, or moved without having to exit and restart Ethereal.
(guy)

*) A GUI capture/display filter creator (we have stuff to add fields to
display filters, but perhaps something such as what Network Monitor has,
to add AND/OR/NOT operators, would be useful)

*) Run-time configuration of tunnelling protocols -- display tunnelled
protocol as data or as a full-fledged protocol (which subtree do we put
it under?)

*) Run-time configuration of data shown in capture statistics window.

*) A GtkWidget for authors in the About box. We've got a lot of authors!
We've currently banished the list of authors to the AUTHORS file and the
man page, which may be the right solution here.

*) Finish moving GTK-dependent code into gtk/ subdirectory.

*) Provide alternative user interfaces, e.g. other toolkits (Qt/KDE,
full GNOME, native Windows, native Aqua, etc.) and text-mode "curses".

*) Kerberos version 4 dissector - standard krb4 - from tcpdump (nneul);
we have krb5, but not krb4

*) Build process:
  - Merge epan/configure.in back into toplevel configure.in [DONE]
  - Run make-version.pl only once per make
  - --enable-static doesn't build on all platforms any more (e.g. Suse 9.0)
    because all static builds are not supported on those platforms. Try to
    link "as statically as possible"
  - Support native win32 builds using auto-tools and gcc
  - Move dissectors and supporting files into the epan tree
  - Move plugins into the epan tree
  - Move libs/objects to be linked into LDADD_xxx where appropriate
  - Make Heimdal detection work for everyone

*) Allow packet summary and packet dissection as valid "fields" in display
   filter tests:
  - summary matches "(?i)response"
  - dissection contains "Unknown"