Ethereal-users: RE: [Ethereal-users] Where is the TCP Sequence Number Analysis feature in 0.9.6

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Morgan, Chip E." <Chip.Morgan@xxxxxxxxxx>
Date: Wed, 21 Aug 2002 16:11:29 -0400
Jörg,
   Cool... 

   It worked on a 4600 packet capture that I've been looking at. However,
I'm fumbling around trying to isolate the "analysis flagged" packets.
There's no handy way (that I know of) to search the contents of the Info
field from the GUI, and I didn't see any tcp seq# analysis specific filter
primitives. I chose to run Tethereal on the capture file and grep the
output, which did work, but is less than optimal.

   Got any ideas on how I can do this better? Is there a specific piece of
text that I can search on that will show me every flagged packet, regardless
of what the "error" is? It looks like "[TCP " is a safe choice, but that's
just a guess. 

   What I would like to be able to do as different protocol-specific experts
continue adding knowledge into the decodes is to be able to filter on
ANYTHING OF INTEREST to one of these experts. I'm thinking about an Ethereal
version of the NAI Sniffer Expert flagging function. I don't know what the
Ethereal powers-that-be have already considered, but even something as basic
as adding the string Analysis or Expert to the Info field would allow me as
a Tethereal user to grep on that string. Perhaps yours could be TCP Expert,
or TCP Seq# Expert, etc. Maybe append the Expert name at the end of the Info
field to keep the analysis itself toward the "front" of the field?

   While I'm on a roll, it would be very cool to integrate the analysis in
the Time/Sequence Graph somehow...

Thanks again,
   Chip

-----Original Message-----
From: Joerg Mayer [mailto:jmayer@xxxxxxxxx]
Sent: Wednesday, August 21, 2002 3:27 PM
To: Morgan, Chip E.
Cc: 'ethereal-users@xxxxxxxxxxxx'
Subject: Re: [Ethereal-users] Where is the TCP Sequence Number Analysis
feature in 0.9.6?


On Wed, Aug 21, 2002 at 01:53:22PM -0400, Morgan, Chip E. wrote:
> w can I use this feature? I don't see any
> place in the UI to activate the analysis, and don't know exactly what to
> look for in traces to know that it's there.

Go to preferences, go into the protocol-specific options, select tcp config
settings and turn it on.
 
  Ciao
      Jörg
--
Joerg Mayer                                          <jmayer@xxxxxxxxx>
I found out that "pro" means "instead of" (as in proconsul). Now I know
what proactive means.