|
EtherealRe: [ethereal-dev] Proposing some ethereal projects ... |
|
||
|
|
EtherealRe: [ethereal-dev] Proposing some ethereal projects ... |
|
||
On Sat, Jul 29, 2000 at 04:25:23PM +0200, Bert Driehuis wrote: > Well, I know what you're getting at here. It took me quite some time to > realize that Follow TCP Stream was just setting a display filter that I > could clear with the button in the lower regions of the window. With my > end-user hat on, I was looking to un-select the checkmark in the menu > (to find there is none), then proceeded to check the Edit Filters menu. > I didn't work it out until recently and just restarted Ethereal after > following a stream. The ability to quickly filter a display to show only packets in a given TCP stream (or other connection) is useful. However, it may be that this should be decoupled from the ability to get the contents of such a stream displayed in a separate window. (It may also be that the ability to get the contents of such a stream displayed in a separate window should include the ability to do so for non-text protocols.) > That said, I consider this to be a minor issue. The biggest thing to me > is the two sets of filter languages: the libpcap syntax for the capture, > and the display filters for the rest (and that would be a biggy, if at > all possible, to reconcile). It would, I think, be possible to translate a *subset* of the display filter syntax into libpcap syntax (some stuff you can do in display filters is difficult or impossible to turn into a BPF program). The question then would be whether we should support *only* that syntax, or also support libpcap syntax. We could do the latter by, if a capture filter expression cannot be parsed by Ethereal's parser (which turns the expression into a libpcap expression), we try parsing it as a libpcap expression, and complain if that doesn't work, either.
Powered by MHonArc 2.6.10