On Wed, Aug 21, 2002 at 04:11:29PM -0400, Morgan, Chip E. wrote:
> It worked on a 4600 packet capture that I've been looking at. However,
> I'm fumbling around trying to isolate the "analysis flagged" packets.
> There's no handy way (that I know of) to search the contents of the Info
> field from the GUI, and I didn't see any tcp seq# analysis specific filter
> primitives. I chose to run Tethereal on the capture file and grep the
> output, which did work, but is less than optimal.
These fields should be in the manpage: Search for tcp.an in it or run
tethereal -G | grep tcp.an
I hope I get this right because I'm on a system without tethereal right
now and work from memory.
> What I would like to be able to do as different protocol-specific experts
> continue adding knowledge into the decodes is to be able to filter on
> ANYTHING OF INTEREST to one of these experts.
Hmm, nice idea. Yes, something like expert.tcp.xxx or expert.warn.tcp...
would be nice. That way, you wouldn't even have to grep but use a display
filter for all noteworthy packets.
Ciao
Jörg