1 $Id: TODO,v 1.12 2003/05/28 22:58:46 guy Exp $
6 *) Protocol dispatchers, allowing run-time setting of protocol "chaining"
7 (i.e., UDP port X calls dissector Y)
9 *) Work on packet capturing in wiretap - or just make it a wrapper
10 around libpcap/WinPcap, hiding some of the stuff Ethereal and
11 Tethereal currently have to do independently
13 *) Either as part of the previous item, or as a capture-filter
14 translator that generates "libpcap"-style capture filter expressions,
15 provide a capture filter syntax similar to the display filter syntax.
16 (The syntax differences get in the way of users; the fact that you have
17 to construct some filters by hand, e.g. looking only for initial SYN
18 packets for TCP connections by doing bit-testing of the flags in a TCP
19 header has been a pain for some users; and people have asked for
20 capabilities that aren't conveniently available, or aren't available at
21 all, in "libpcap"-style capture filters:
23 the ability to filter on characteristics of IPX packets;
25 the ability to select, for example, TCP packets with port
26 numbers *greater than* a particular value, which in "libpcap"
27 filters you have to do by explicitly testing subfields of the
28 TCP header rather than doing "tcp.port > 1000";
32 *) I just discovered that sshd sets the SSH_CLIENT variable to source IP,
33 sort port, and destination port. That coupled with a destination IP
34 would give us enough information to carry out remote protocol capturing,
37 ssh remotehost tcpdump -s 2000 -w - filter,
39 where "filter" filters out our own ssh packets (using the infromation
40 from $SSH_CLIENT). Any takers?
42 *) Of course, packet defragmentation. We currently reassemble:
47 ONC RPC-over-TCP and DCE RPC fragments
49 X.25 packets with M set
52 Fibre Channel fragments
53 Netware NDPS fragments
56 TDS (Sybase/Microsoft SQL Server) fragments
59 and currently support, for many protocols running atop TCP and the
60 SMB pipe protocol, reassembling the data stream and breaking the
61 resulting stream into higher-level packets. We want to support that
62 for more TCP-based protocols; we might also want to reassemble:
67 and possibly other protocols.
69 *) I'd like to someday re-write the display filter routines to have a more
72 *) More on-line help, and neato things with the protocol tree and
75 *) A GtkClist replacement, with dynamic columns, allowing columns to be
76 added, removed, or moved without having to exit and restart Ethereal.
79 *) A GUI capture/display filter creator (we have stuff to add fields to
80 display filters, but perhaps something such as what Network Monitor has,
81 to add AND/OR/NOT operators, would be useful)
83 *) Run-time configuration of tunnelling protocols -- display tunnelled
84 protocol as data or as a full-fledged protocol (which subtree do we put
87 *) Run-time configuration of data shown in capture statistics window.
89 *) A GtkWidget for authors in the About box. We've got a lot of authors!
90 We've currently banished the list of authors to the AUTHORS file and the
91 man page, which may be the right solution here.
93 *) Finish moving GTK-dependent code into gtk/ subdirectory.
95 *) Provide alternative user interfaces, e.g. other toolkits (Qt/KDE,
96 full GNOME, native Windows, native Aqua, etc.) and text-mode "curses".
98 *) Kerberos version 4 dissector - standard krb4 - from tcpdump (nneul);
99 we have krb5, but not krb4
101 *) Display filters: add regexes to strings and byte ranges