Ethereal-dev: [Ethereal-dev] Re: Where is the TCP Sequence Number Analysis fe ature in 0.9.6?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Joerg Mayer <jmayer@xxxxxxxxx>
Date: Thu, 22 Aug 2002 02:28:36 +0200
On Wed, Aug 21, 2002 at 04:11:29PM -0400, Morgan, Chip E. wrote:
>    It worked on a 4600 packet capture that I've been looking at. However,
> I'm fumbling around trying to isolate the "analysis flagged" packets.
> There's no handy way (that I know of) to search the contents of the Info
> field from the GUI, and I didn't see any tcp seq# analysis specific filter
> primitives. I chose to run Tethereal on the capture file and grep the
> output, which did work, but is less than optimal.

These fields should be in the manpage: Search for tcp.an in it or run
tethereal -G | grep tcp.an
I hope I get this right because I'm on a system without tethereal rightn
now and work from memory.

>    What I would like to be able to do as different protocol-specific experts
> continue adding knowledge into the decodes is to be able to filter on
> ANYTHING OF INTEREST to one of these experts.

Hmm, nice idea. Yes, something like expert.tcp.xxx or expert.warn.tcp...
would be nice. That way, you wouldn't even have to grep but use a display
filter for all noteworthy packets.

 Ciao
   Jörg