Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: A suggestion to improve navigating in large captures

From: Richard Sharpe <realrichardsharpe () gmail com>
Date: Fri, 20 Feb 2015 06:50:58 -0800
On Fri, Feb 20, 2015 at 12:40 AM, Michal Orynicz
<michal.orynicz () tieto com> wrote:

Hi Richard,
isn't this functionality already there?

It's labeled as "next mark" and "previous mark"...


You are correct. It is just not where I would have expected it, so
perhaps our menu system is counter intuitive. I would have expected it
under the Go menu, but it is under the Edit menu (and I did not notice
that they were grayed out when I looked under the Edit menu, perhaps
because I was not expecting them there.)


On 20 February 2015 at 05:17, Richard Sharpe <realrichardsharpe () gmail com>
wrote:


Hi folks,

I often have to deal with large captures. They can be as large as
several GB, and I often have to do things like filter on a specific
type of packet, which will throw up a smallish number of packets of
interest, but I need to look at the packets around those of interest.

This involves selecting the first one of interest, eliminating the
filter, inspecting, but if that is not the area of interest, I
re-filter, then select the second packet of interest and go through
the whole process until I find the group of packets that I am
interested in.

Now, I noticed that in the Edit menu we can mark all displayed
packets. Then if the Go menu was enhanced with a Go To Next Marked the
workflow I mentioned would be much easier.

We could filter and if the packets are exactly what we are interested
in, we could Mark all displayed, then select the first, clear the
filter and then Go To Next Marked until we reach the group we are
interested in.

--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev

mailto:wireshark-dev-request () wireshark org?subject=unsubscribe





--
Pozdrawiam / Best regards
Michał Orynicz, Software Engineer
Tieto Corporation

Product Development Services

http://www.tieto.com / http://www.tieto.pl
---
ASCII: Michal Orynicz
location: Swobodna 1 Street, 50-088 Wrocław, Poland
room: 5.01 (desk next to 5.08)
---
Please note: The information contained in this message may be legally
privileged and confidential and protected from disclosure. If the
reader of this message is not the intended recipient, you are hereby
notified that any unauthorised use, distribution or copying of this
communication is strictly prohibited. If you have received this
communication in error, please notify us immediately by replying to
the message and deleting it from your computer. Thank You.
---
Please consider the environment before printing this e-mail.
---
Tieto Poland spółka z ograniczoną odpowiedzialnością z siedzibą w
Szczecinie, ul. Malczewskiego 26. Zarejestrowana w Sądzie Rejonowym
Szczecin-Centrum w Szczecinie, XIII Wydział Gospodarczy Krajowego
Rejestru Sądowego pod numerem 0000124858. NIP: 8542085557. REGON:
812023656. Kapitał zakładowy: 4 271500 PLN

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe




-- 
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: