Wireshark · Ethereal-users: re: [Ethereal-users] Feature Request: Pre-flight capture filter

Ethereal-users: re: [Ethereal-users] Feature Request: Pre-flight capture filter

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard.E.Brown@xxxxxxxxxxxx (Richard E. Brown)

Date: 03 Jan 2005 07:44:41 EST

Guy:

Thanks for the speedy and thoughtful response. I concede that what you say is
true (Ethereal can't do a perfect job because it can't check certain things
until runtime because certain links/devices don't support it, etc.) And thus
there'll always be a need for the final test before doing the live capture. 

But I'm thinking of the new user (or occasional user, like me) here - someone
that has a problem, and has a very short amount of time to make Ethereal work
and solve that problem. Anything that Ethereal can do to make their initial
experience simpler/easier/with fewer hiccups will make them more productive and
happier.

I was thinking of these kinds of changes:

-	Ethereal *can* tell that certain expressions won't work as a capture filter.
For example, none of these will: "ip.addr==192.168.1.1" (it's a display filter
expression) or "Bandersnatch" (not an expression at all), or even "host 192.x"
(bad format IP address). These are common errors of new users, and pointing them
out immediately after they've made the error will help them learn faster and
feel more confident. 

- Ethereal only needs to check the expression for syntactical correctness when
the user indicates they've finished typing. When they click Save or Close, or
when they press Tab or click away from the Capture Filter field, it's clear that
they're moving on to something else. This would be a good time for the software
to check their entry and point out any errors.

- You anticipated another suggestion that I was going to make: splitting out the
parsing/checking as a separate function. That would allow Ethereal to make the
checks above in a straightforward manner, possibly with the red/green background
technique of the display filters. 

-	Your participation in the libcap development process will also help document
the capture filter options within the Ethereal man pages. You're well positioned
to know when filter capabilities change... :-) Again, the motivation for this is
that the new/infrequent user won't always want, or be able, to go to the tcpdump
site referred to in the help text.

Thanks!

Rich Brown
Hanover, NH

Prev by Date: [Ethereal-users] enquiry about ethereal and winpcap
Next by Date: Re: [Ethereal-users] enquiry about ethereal and winpcap
Previous by thread: Re: [Ethereal-users] enquiry about ethereal and winpcap
Next by thread: [Ethereal-users] Interface Detection Problems
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$