Differences between revisions 52 and 53
Revision 52 as of 2006-06-05 03:19:20
Size: 2798
Editor: localhost
Comment:
Revision 53 as of 2008-04-12 17:51:38
Size: 2807
Editor: localhost
Comment: converted to 1.6 markup
Deletions are marked like this. Additions are marked like this.
Line 19: Line 19:
 * [:Mate/GettingStarted: MATE Getting Started] how to start working with MATE
 * [:Mate/Manual: MATE's Manual] if you are new to MATE, this might be the best place to start learning MATE configuration
 * [:Mate/Tutorial: MATE's Configuration Tutorial] explanation of MATE configuration with some step-by-step examples
 * [:Mate/Examples: MATE Configuration Examples] various ready to go configuration examples
 * [:Mate/Library: MATE's Configuration Library] MATE library of frequently used configuration settings
 * [:Mate/Reference: MATE Reference Manual] the reference of all the configuration settings
 * [:Mate/FAQ: MATE's FAQ] Frequently asked questions and the corresponding answers
 * [:Mate/Discussion: MATE's discussion] things to be discussed (rename this to Mate/WishList?)
 * [:Mate/Accident: MATE is an accident]. It was not planned to be what it is. Prior to its writing the goal was similar but not quite what it is now.
 * [[Mate/GettingStarted| MATE Getting Started]] how to start working with MATE
 * [[Mate/Manual| MATE's Manual]] if you are new to MATE, this might be the best place to start learning MATE configuration
 * [[Mate/Tutorial| MATE's Configuration Tutorial]] explanation of MATE configuration with some step-by-step examples
 * [[Mate/Examples| MATE Configuration Examples]] various ready to go configuration examples
 * [[Mate/Library| MATE's Configuration Library]] MATE library of frequently used configuration settings
 * [[Mate/Reference| MATE Reference Manual]] the reference of all the configuration settings
 * [[Mate/FAQ| MATE's FAQ]] Frequently asked questions and the corresponding answers
 * [[Mate/Discussion| MATE's discussion]] things to be discussed (rename this to Mate/WishList?)
 * [[Mate/Accident| MATE is an accident]]. It was not planned to be what it is. Prior to its writing the goal was similar but not quite what it is now.

MATE: Meta Analysis and Tracing Engine

What is MATE? Well, to keep it very short, with MATE you can create user configurable extension(s) of the display filter engine.

MATE's goal is to enable users to filter frames based on information extracted from related frames or information on how frames relate to each other. MATE was written to help troubleshooting gateways and other systems where a "use" involves more protocols. However MATE can be used as well to analyze other issues regarding a interaction between packets like response times, incompleteness of transactions, presence/absence of certain attributes in a group of PDUs and more.

MATE is an wireshark plugin that allows the user to specify how different frames are related to each other. To do so, MATE extracts data from the frames's tree and then, using that information, tries to group the frames based on how MATE is configured. Once the PDUs are related MATE will create a "protocol" tree with fields the user can filter with. The fields will be almost the same for all the related frames, so one can filter a complete session spanning several frames containing more protocols based on an attribute appearing in some related frame. Other than that MATE allows to filter frames based on response times, number of pdus in a group and a lot more.

So far MATE has been used to:

  • Filter all packets of a call using various protocols knowing just the calling number. (MATE's original goal)
  • Filter all packets of all calls using various protocols based on the release cause of one of its "segments".
  • Extrapolate slow transactions from very "dense" captures. (finding requests that timeout)
  • Find incomplete transactions (no responses)
  • Follow requests through more gateways/proxies.
  • more...

You will find more information at the following pages:

Mate (last edited 2008-04-12 17:51:38 by localhost)