Wireshark · Ethereal-dev: RE: [Ethereal-dev] RE: Where is the TCP Sequence Number Analysis fe ature in 0.9.6?

Ethereal-dev: RE: [Ethereal-dev] RE: Where is the TCP Sequence Number Analysis fe ature in 0.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Khachaturov Vassilii <Vassilii.Khachaturov@xxxxxxxxxxxx>

Date: Thu, 22 Aug 2002 12:26:55 -0400

If you install it properly with the manpages,
you'll have the same info in the manpages in a much cooler formatted way
- it's generated from the -G output during the manpage build, so the manpage
is always up-to-date with respect to the new filters added.

> -----Original Message-----
> From: Morgan, Chip E. [mailto:Chip.Morgan@xxxxxxxxxx]
> Sent: Thursday, August 22, 2002 8:13 AM
> To: 'Joerg Mayer'
> Cc: ethereal-dev@xxxxxxxxxxxx
> Subject: [Ethereal-dev] RE: Where is the TCP Sequence Number 
> Analysis fe ature in 0.9.6?
> 
> 
> Thanks very much for your feedback. The -G flag is very cool 
> indeed. In
> fact, I can use that to see what new filter primitives are 
> available when
> new revs of Ethereal are released!
> 
> -----Original Message-----
> From: Joerg Mayer [mailto:jmayer@xxxxxxxxx]
> Sent: Wednesday, August 21, 2002 8:29 PM
> To: Morgan, Chip E.
> Cc: ethereal-dev@xxxxxxxxxxxx
> Subject: Re: Where is the TCP Sequence Number Analysis fe ature in
> 0.9.6?
> 
> 
> On Wed, Aug 21, 2002 at 04:11:29PM -0400, Morgan, Chip E. wrote:
> >    It worked on a 4600 packet capture that I've been 
> looking at. However,
> > I'm fumbling around trying to isolate the "analysis 
> flagged" packets.
> > There's no handy way (that I know of) to search the 
> contents of the Info
> > field from the GUI, and I didn't see any tcp seq# analysis 
> specific filter
> > primitives. I chose to run Tethereal on the capture file 
> and grep the
> > output, which did work, but is less than optimal.
> 
> These fields should be in the manpage: Search for tcp.an in it or run
> tethereal -G | grep tcp.an
> I hope I get this right because I'm on a system without 
> tethereal rightn
> now and work from memory.
> 
> >    What I would like to be able to do as different protocol-specific
> experts
> > continue adding knowledge into the decodes is to be able to 
> filter on
> > ANYTHING OF INTEREST to one of these experts.
> 
> Hmm, nice idea. Yes, something like expert.tcp.xxx or 
> expert.warn.tcp...
> would be nice. That way, you wouldn't even have to grep but 
> use a display
> filter for all noteworthy packets.
> 
>  Ciao
>    Jörg
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
>

Prev by Date: [Ethereal-dev] interested in DCE-RPC endpoint mapper (EPM) replies for Linux netfilter firewalling
Next by Date: Re: [Ethereal-dev] SDP Fix
Previous by thread: [Ethereal-dev] interested in DCE-RPC endpoint mapper (EPM) replies for Linux netfilter firewalling
Next by thread: [Ethereal-dev] Developing ethereal without gtk installed
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$