Thanks very much for your feedback. The -G flag is very cool indeed. In fact, I can use that to see what new filter primitives are available when new revs of Ethereal are released!
-----Original Message----- From: Joerg Mayer [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 21, 2002 8:29 PM To: Morgan, Chip E. Cc: [EMAIL PROTECTED] Subject: Re: Where is the TCP Sequence Number Analysis fe ature in 0.9.6? On Wed, Aug 21, 2002 at 04:11:29PM -0400, Morgan, Chip E. wrote: > It worked on a 4600 packet capture that I've been looking at. However, > I'm fumbling around trying to isolate the "analysis flagged" packets. > There's no handy way (that I know of) to search the contents of the Info > field from the GUI, and I didn't see any tcp seq# analysis specific filter > primitives. I chose to run Tethereal on the capture file and grep the > output, which did work, but is less than optimal. These fields should be in the manpage: Search for tcp.an in it or run tethereal -G | grep tcp.an I hope I get this right because I'm on a system without tethereal rightn now and work from memory. > What I would like to be able to do as different protocol-specific experts > continue adding knowledge into the decodes is to be able to filter on > ANYTHING OF INTEREST to one of these experts. Hmm, nice idea. Yes, something like expert.tcp.xxx or expert.warn.tcp... would be nice. That way, you wouldn't even have to grep but use a display filter for all noteworthy packets. Ciao J�rg
