Ethereal-dev: [Ethereal-dev] RE: Where is the TCP Sequence Number Analysis feature in 0.9.6?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Morgan, Chip E." <Chip.Morgan@xxxxxxxxxx>
Date: Thu, 22 Aug 2002 08:12:38 -0400
Thanks very much for your feedback. The -G flag is very cool indeed. In
fact, I can use that to see what new filter primitives are available when
new revs of Ethereal are released!

-----Original Message-----
From: Joerg Mayer [mailto:jmayer@xxxxxxxxx]
Sent: Wednesday, August 21, 2002 8:29 PM
To: Morgan, Chip E.
Cc: ethereal-dev@xxxxxxxxxxxx
Subject: Re: Where is the TCP Sequence Number Analysis feature in 0.9.6?


On Wed, Aug 21, 2002 at 04:11:29PM -0400, Morgan, Chip E. wrote:
>    It worked on a 4600 packet capture that I've been looking at. However,
> I'm fumbling around trying to isolate the "analysis flagged" packets.
> There's no handy way (that I know of) to search the contents of the Info
> field from the GUI, and I didn't see any tcp seq# analysis specific filter
> primitives. I chose to run Tethereal on the capture file and grep the
> output, which did work, but is less than optimal.

These fields should be in the manpage: Search for tcp.an in it or run
tethereal -G | grep tcp.an
I hope I get this right because I'm on a system without tethereal right
now and work from memory.

>    What I would like to be able to do as different protocol-specific
> experts continue adding knowledge into the decodes is to be able to
> filter on ANYTHING OF INTEREST to one of these experts.

Hmm, nice idea. Yes, something like expert.tcp.xxx or expert.warn.tcp...
would be nice. That way, you wouldn't even have to grep but use a display
filter for all noteworthy packets.

 Ciao
   Jörg