When searching for something in a trace, I usually first apply some filters, for example:
- http
- then http and ip.addr == 10.10.1.2
- then http and ip.addr == 10.10.1.2 and http.request.method=="POST"
Then usually comes "Follow TCP Stream". If there are multiple streams, I may have to go back to the last filter above, meaning "go find it in the filter list". Then scroll back to where I was, find the next stream and follow it.
And so on. If I need to see what happened on some related stream, it's back to some filter, scroll through the packets, follow a stream, look up some field in the details pane, then back to my original method==POST stream.
Multiple windows might help this somewhat because users probably dig around at a few levels when looking at a trace: looking for streams, looking for packets in a stream, etc. At each level, back/forward navigation would resemble clicking a button versus rewriting an url manually in the browser address bar.
I constantly wish for a back button or "follow in a new window" when I do "follow stream" and realize it's not the one I want.
I want to take a shot at implementing a proof of concept for this, but maybe this has been tried before or there's just a better way of navigating in a trace. So I'd like to hear what others think and whether this is a direction worth looking at.
Regards,
Bogdan