Re: How can Wireshark improve

[Guy Harris <guy () alum mit edu>]

On Apr 19, 2014, at 12:24 PM, Richard Sharpe <realrichardsharpe () gmail com> wrote:

> One think I would like to be able to do is "Show me all the SMB2
> requests where the smb2.flags.is_response == true && smb2.nt_status !=
> NT_STATUS_SUCCESS"

Presumably you mean "show me all the SMB2 transactions (requests and matching responses) where the response returned an 
error".

There's now a mechanism to, when saving filtered packets, save "related" packets.  I think this was introduced to allow 
the earlier fragments/segments of a reassembled packet to be saved, along with the final packet that matched the 
filter, but in at least some cases somebody might want to save the requests corresponding to replies that match the 
filter.

So perhaps there should be a way to have a display filter show related packets in addition to packets that match the 
packet-matching expression.

However, there are multiple flavors of "related", and sometimes you might want the corresponding requests but *not* 
other fragments/segments, and other times you might want the other fragments/segments but *not* the corresponding 
requests, and sometimes you might want both.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe