Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10768] New: Add a help feature in tshark to print possible display filter matc

Wireshark-bugs: [Wireshark-bugs] [Bug 10768] New: Add a help feature in tshark to print possible

Date: Thu, 11 Dec 2014 19:07:59 +0000

Bug ID	10768
Summary	Add a help feature in tshark to print possible display filter matches
Product	Wireshark
Version	1.10.10
Hardware	x86
OS	Red Hat
Status	UNCONFIRMED
Severity	Major
Priority	Low
Component	TShark
Assignee	[email protected]
Reporter	[email protected]

Build Information:
TShark 1.10.10 (Git Rev Unknown from unknown)

Copyright 1998-2014 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.26.1, with libpcap, with libz 1.2.3, without
POSIX
capabilities, without libnl, without SMI, without c-ares, without ADNS, with
Lua
5.1, without Python, with GnuTLS 2.8.5, with Gcrypt 1.4.5, with MIT Kerberos,
without GeoIP.

Running on Linux 2.6.32-358.el6.x86_64, with locale en_US.UTF-8, with libpcap
version 1.4.0, with libz 1.2.3.
Intel(R) Xeon(R) CPU           E5430  @ 2.66GHz

Built using gcc 4.4.7 20120313 (Red Hat 4.4.7-4).
--
This is a request for tshark to have the ability to print out possible display
filters that match the current text string the user has inputted. For example,
something like this (just picking -Q as an example argument type):

<pre>
#tshark -Q "tcp.flags."

tcp.flags.ack
tcp.flags.cwr
...
</pre>

In practice, one of the main disadvantages in using tshark as compared to the
GUI is that the GUI has several means to derive an appropriate display filter
to write a query for. You can right-click a protocol field and copy 'as filter'
to get it to your clipboard, you can start typing in the filter bar to have it
automatically list completions, etc. Tshark, though, has no such mechanism.

This could even be expanded to allow user visibility to 'comments' on a field
type or protocol container, as a second column of output when a list of
completion options is queried in the CLI. For example:

<pre>
#tshark -Q "tcp.flags."

tcp.flags.ack TCP <Comment about this field type>
tcp.flags.cwr TCP 
...
</pre>

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 10768] Add a help feature in tshark to print possible display filter matches
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10768] Add a help feature in tshark to print possible display filter matches
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 10766] 1.12.12 inconsistent with out-of-order and retransmission classification
Next by Date: [Wireshark-bugs] [Bug 10768] Add a help feature in tshark to print possible display filter matches
Previous by thread: [Wireshark-bugs] [Bug 9247] Crash in TCP reassemble when a read filter is applied yielding no results
Next by thread: [Wireshark-bugs] [Bug 10768] Add a help feature in tshark to print possible display filter matches
Index(es):
- Date
- Thread