Re: [Wireshark-users] Proposed changes to make tcp.ack and tcp.seq relative

2020-05-07 Thread Peter Wu
On Tue, May 05, 2020 at 08:59:45AM -0400, Lee wrote: > On 5/4/20, Peter Wu wrote: > > Hi all, > > > > A request was filed earlier to add a new "tcp.ack_rel" field to ensure > > that color filters can be created that always work on the relative > > sequence numbers independent of the "Relative

Re: [Wireshark-users] Proposed changes to make tcp.ack and tcp.seq relative

2020-05-07 Thread Peter Wu
On Mon, May 04, 2020 at 04:52:02PM -0700, Jim Aragon wrote: > At 01:50 PM 5/4/2020, Peter Wu wrote: > > >A request was filed earlier to add a new "tcp.ack_rel" field to ensure > >that color filters can be created that always work on the relative > >sequence numbers independent of the "Relative

Re: [Wireshark-users] Newbee - propose Splat Button

2020-05-07 Thread Bob Gustafson
Super - thanks much. With code too! Now, should I play with this new button Tool, or debug my coreos boot script... Best regards - BobG On 5/7/20 12:38 PM, Maynard, Chris via Wireshark-users wrote: It seems like the desired functionality is to inject a "marker" packet into the capture?  If

Re: [Wireshark-users] Newbee - propose Splat Button

2020-05-07 Thread Bob Gustafson
On 5/7/20 12:05 PM, Graham Bloice wrote: On Thu, 7 May 2020 at 17:48, Bob Gustafson > wrote: Thanks Jaap. I am on the Fedora31. When I hit Edit->Mark Packet, nothing happens - no mark... Ahh, when I move cursor off packet to be marked, I see marked

Re: [Wireshark-users] Newbee - propose Splat Button

2020-05-07 Thread Maynard, Chris via Wireshark-users
It seems like the desired functionality is to inject a "marker" packet into the capture? If so, you could use an external program, something like ping or nc, to do that. I tend to use a separate script for this, something such as: #!/bin/sh if (( ${#} < 1 )) then

Re: [Wireshark-users] Newbee - propose Splat Button

2020-05-07 Thread Bob Gustafson
Thanks Jaap. I am on the Fedora31. When I hit Edit->Mark Packet, nothing happens - no mark... Ahh, when I move cursor off packet to be marked, I see marked packet as white on black rather than white on blue. The functionality I'm looking for is to actually store the user button (splat) in

Re: [Wireshark-users] Newbee - propose Splat Button

2020-05-07 Thread Jaap Keuter
Hi Bob, Good to hear the program is helpful for your quest. As for your purpose, does the ‘Mark Packet’ feature do the trick? Select a packet from the list, hit ⌘M (on macOS) / probably Ctrl+M (on others). You can also find the option in the Edit menu. Unfortunately these marks are not (yet)

[Wireshark-users] Newbee - propose Splat Button

2020-05-07 Thread Bob Gustafson
Hi list I'm in the process of working through the initial boot of a new box, a new os (coreos), and a new (to me) iPXE. It is a trial and error process for me - my coding is a bit sloppy and I don't read all of the instructions the first time around. Wireshark has been very helpful as the