Wireshark-dev: Re: [Wireshark-dev] A suggestion to improve navigating in large captures

From: Richard Sharpe <realrichardsharpe@xxxxxxxxx>
Date: Fri, 20 Feb 2015 06:50:58 -0800
On Fri, Feb 20, 2015 at 12:40 AM, Michal Orynicz
<michal.orynicz@xxxxxxxxx> wrote:
> Hi Richard,
> isn't this functionality already there?
> It's labeled as "next mark" and "previous mark"...

You are correct. It is just not where I would have expected it, so
perhaps our menu system is counter intuitive. I would have expected it
under the Go menu, but it is under the Edit menu (and I did not notice
that they were grayed out when I looked under the Edit menu, perhaps
because I was not expecting them there.)

> On 20 February 2015 at 05:17, Richard Sharpe <realrichardsharpe@xxxxxxxxx>
> wrote:
>> Hi folks,
>> I often have to deal with large captures. They can be as large as
>> several GB, and I often have to do things like filter on a specific
>> type of packet, which will throw up a smallish number of packets of
>> interest, but I need to look at the packets around those of interest.
>> This involves selecting the first one of interest, eliminating the
>> filter, inspecting, but if that is not the area of interest, I
>> re-filter, then select the second packet of interest and go through
>> the whole process until I find the group of packets that I am
>> interested in.
>> Now, I noticed that in the Edit menu we can mark all displayed
>> packets. Then if the Go menu was enhanced with a Go To Next Marked the
>> workflow I mentioned would be much easier.
>> We could filter and if the packets are exactly what we are interested
>> in, we could Mark all displayed, then select the first, clear the
>> filter and then Go To Next Marked until we reach the group we are
>> interested in.
>> --
>> Regards,
>> Richard Sharpe
>> (何以解憂?唯有杜康。--曹操)
>> ___________________________________________________________________________
>> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
>> Archives:    http://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
> --
> Pozdrawiam / Best regards
> Michał Orynicz, Software Engineer
> Tieto Corporation
> Product Development Services
> http://www.tieto.com / http://www.tieto.pl
> ---
> ASCII: Michal Orynicz
> location: Swobodna 1 Street, 50-088 Wrocław, Poland
> room: 5.01 (desk next to 5.08)
> ---
> Please note: The information contained in this message may be legally
> privileged and confidential and protected from disclosure. If the
> reader of this message is not the intended recipient, you are hereby
> notified that any unauthorised use, distribution or copying of this
> communication is strictly prohibited. If you have received this
> communication in error, please notify us immediately by replying to
> the message and deleting it from your computer. Thank You.
> ---
> Please consider the environment before printing this e-mail.
> ---
> Tieto Poland spółka z ograniczoną odpowiedzialnością z siedzibą w
> Szczecinie, ul. Malczewskiego 26. Zarejestrowana w Sądzie Rejonowym
> Szczecin-Centrum w Szczecinie, XIII Wydział Gospodarczy Krajowego
> Rejestru Sądowego pod numerem 0000124858. NIP: 8542085557. REGON:
> 812023656. Kapitał zakładowy: 4 271500 PLN
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

Richard Sharpe