No, unfortunately the filters I have to trap for errors are a set of
color filters. This doesn't mean they can't just be OR'd together to
make one overall Error filter. And of course my filters only trap for
the errors I typically work with. But we could start out by just having
everyone submit their error traps and we could build a global error
filter. Below are the ones I am currently trapping for. Of course mine
are geared to looking at Novell traces but you can get the idea.
TCP Errors
tcp.analysis.retransmission || tcp.analysis.lost_segment ||
tcp.analysis.out_of_order
Novell Server Busy
ncp.type == 0x9999
NCP Errors
ncp.completion_code != 0
NDS Errors
ncp.ndsreplyerror != 0
NDPS Errors
ndps.error_val != 0 || ndps.rpc_acc_stat != 0 || ndps.ret_code != 0
Novell Extended Attribute Errors
ncp.ea_error_codes != 0
Srvloc Errors
srvloc.errv2 != 0
Greg
>>> Guy Harris <guy@xxxxxxxxxxxx> 2/4/2004 1:14:36 PM >>>
On Feb 4, 2004, at 12:02 PM, Greg Morris wrote:
> Color filters are a great way for new users to be able to quickly go
> through a trace to locate errors. I have a set of color filters that
I
> distribute to my users that flags retransmisssion, NCP, SMB, SRVLOC,
> etc... error return values as Red.
Is that a "set of color filters", or a *single* color filter?
If it's a *single* color filter, perhaps the color filter list supplied
with Ethereal should have only one filter that checks for *all* errors
in *all* protocols.
> The remaining color filters that I do is based on protocol so I
color
> TCP packets one color and DNS packets another. Much the way that
> Sniffer
> does so that it gives the user much the same look and feel. I think
we
> just need to come to an agreement as to what colors fit for what
> protocols.
You're presuming that such an agreement would be possible; I don't know
that everybody wants the same color filters. (I would, personally,
uninstall any default color filter file installed on my machine - color
filters slow down capture loading, and, shocking as I suspect this
would be to many Ethereal users from what some users say, *I just don't
use color filters at all*.)
Perhaps if a site or organization wants to package a version of
Ethereal with a set of color filters useful in their environment, they
should do that; I'm not convinced that one can come up with a set of
color filters useful for everybody, other than, perhaps, a singleton
set with "mark errors in red" as the only such filter.
> Display and Capture filters - Yes these are unique to your
environment
I *didn't* make that argument about display and capture filters; that's
the one set of configuration files where I *don't* see an issue (other
than the lack of system-wide filter files) with supplying a default
file.