Wireshark-bugs: [Wireshark-bugs] [Bug 10768] New: Add a help feature in tshark to print possible
Bug ID |
10768
|
Summary |
Add a help feature in tshark to print possible display filter matches
|
Product |
Wireshark
|
Version |
1.10.10
|
Hardware |
x86
|
OS |
Red Hat
|
Status |
UNCONFIRMED
|
Severity |
Major
|
Priority |
Low
|
Component |
TShark
|
Assignee |
bugzilla-admin@wireshark.org
|
Reporter |
russelldelong@hotmail.com
|
Build Information:
TShark 1.10.10 (Git Rev Unknown from unknown)
Copyright 1998-2014 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GLib 2.26.1, with libpcap, with libz 1.2.3, without
POSIX
capabilities, without libnl, without SMI, without c-ares, without ADNS, with
Lua
5.1, without Python, with GnuTLS 2.8.5, with Gcrypt 1.4.5, with MIT Kerberos,
without GeoIP.
Running on Linux 2.6.32-358.el6.x86_64, with locale en_US.UTF-8, with libpcap
version 1.4.0, with libz 1.2.3.
Intel(R) Xeon(R) CPU E5430 @ 2.66GHz
Built using gcc 4.4.7 20120313 (Red Hat 4.4.7-4).
--
This is a request for tshark to have the ability to print out possible display
filters that match the current text string the user has inputted. For example,
something like this (just picking -Q as an example argument type):
<pre>
#tshark -Q "tcp.flags."
tcp.flags.ack
tcp.flags.cwr
...
</pre>
In practice, one of the main disadvantages in using tshark as compared to the
GUI is that the GUI has several means to derive an appropriate display filter
to write a query for. You can right-click a protocol field and copy 'as filter'
to get it to your clipboard, you can start typing in the filter bar to have it
automatically list completions, etc. Tshark, though, has no such mechanism.
This could even be expanded to allow user visibility to 'comments' on a field
type or protocol container, as a second column of output when a list of
completion options is queried in the CLI. For example:
<pre>
#tshark -Q "tcp.flags."
tcp.flags.ack TCP <Comment about this field type>
tcp.flags.cwr TCP
...
</pre>
You are receiving this mail because:
- You are watching all bug changes.