Wireshark · Ethereal-dev: Re: [Ethereal-dev] Feature request

Ethereal-dev: Re: [Ethereal-dev] Feature request - Follow UDP Stream

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Kevin <kem2@xxxxxxx>

Date: Sat, 11 Oct 2003 21:26:38 -0400

I have to agree with Ian, when working on a trace, I can really focusmy concentration on what I am doing, not what I need to do.

When asked by analyzer vendors why I use Ethereal instead of theirproducts, my 1st answer is always that I can just USE the tool withouthaving to think about HOW to use the tool.

While other tools have nifty and pretty bells and whistles, you have toclick and poke to find what you need. Ethereal lets me work withoutreally thinking about what button to click or popping up a new menu todo a simple filter. This lets me concentrate on what I need to do,figure out the trace.

When a trace has a large number of conversations, I would not want toreprocess to get the conversation list and then build the filter, andreprocess a 2nd time. This would really break my concentration. Itis far easier to make up a filter (ala Follow TCP stream) than to buildthe conversation list and process the trace 2x;

That said, the ability to pull a conversation from the conversationlist is fantastic. One thing that would be a great addition here (yesanother request) is the ability to open the conversation in a newethereal window or process.


Thanks for a great tool

Kevin

On Saturday, October 11, 2003, at 10:40 AM, Ian Schorr wrote:

Yes, but it would be very nice if this could be done from the packetview, as well.
I love the conversation list feature. However, when I'm analyzing atrace and deciding that I want to concentrate on a particular"conversation" based on something I'm seeing while examining thepacket view, I shouldn't have to bring up the conversation list (andreprocess the entire trace), find the conversation that I want asecond time, and THEN filter down. Conversation list is for adifferent mental "mode" of analysis.
I often find it useful to select "Follow TCP stream" from the packetlist, it's a great shortcut when I'm trying to isolate a conversation.Sometimes I need the text reassembly, usually with the protocols Iexamine, I don't. Usually I just want the "conversation" isolation.
I've also been thinking that it would be extremely nice if we added aright-click option when an IP address field (or another L2 or L3address) is selected that allows us to quickly build an address filter(i.e. with IP address, it will automatically build an ip.addr==A.B.C.Ddisplay filter).
Ian

Follow-Ups:
- Re: [Ethereal-dev] Feature request - Follow UDP Stream
  - From: Ronnie Sahlberg

References:
- Re: [Ethereal-dev] Feature request - Follow UDP Stream
  - From: Ian Schorr

Prev by Date: [Ethereal-dev] ACN plugin
Next by Date: Re: [Ethereal-dev] Feature request - Follow UDP Stream
Previous by thread: Re: [Ethereal-dev] Feature request - Follow UDP Stream
Next by thread: Re: [Ethereal-dev] Feature request - Follow UDP Stream
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$