I have to agree with Ian. When working on a trace, I can really focus
my concentration on what I am doing, not what I need to do.

When asked by analyzer vendors why I use Ethereal instead of their
products, my 1st answer is always that I can just USE the tool without
having to think about HOW to use the tool.

While other tools have nifty and pretty bells and whistles, you have to
click and poke to find what you need. Ethereal lets me work without
really thinking about what button to click or popping up a new menu to
do a simple filter. This lets me concentrate on what I need to do:
figure out the trace.

When a trace has a large number of conversations, I would not want to
reprocess to get the conversation list and then build the filter, and
reprocess a 2nd time. This would really break my concentration. It
is far easier to make up a filter (à la Follow TCP stream) than to build
the conversation list and process the trace 2x.

That said, the ability to pull a conversation from the conversation
list is fantastic. One thing that would be a great addition here (yes,
another request) is the ability to open the conversation in a new
Ethereal window or process.

Thanks for a great tool

Kevin

On Saturday, October 11, 2003, at 10:40 AM, Ian Schorr wrote:

Yes, but it would be very nice if this could be done from the packet
view, as well.

I love the conversation list feature. However, when I'm analyzing a
trace and deciding that I want to concentrate on a particular
"conversation" based on something I'm seeing while examining the
packet view, I shouldn't have to bring up the conversation list (and
reprocess the entire trace), find the conversation that I want a
second time, and THEN filter down. Conversation list is for a
different mental "mode" of analysis.

I often find it useful to select "Follow TCP stream" from the packet
list; it's a great shortcut when I'm trying to isolate a conversation.
Sometimes I need the text reassembly; usually, with the protocols I
examine, I don't. Usually I just want the "conversation" isolation.

I've also been thinking that it would be extremely nice if we added a
right-click option when an IP address field (or another L2 or L3
address) is selected that allows us to quickly build an address filter
(i.e. with IP address, it will automatically build an ip.addr==A.B.C.D
display filter).

Ian