Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Dealing with aggregated packets

From: Roland Knall <rknall () gmail com>
Date: Mon, 2 Jul 2018 22:05:19 +0200
This is a feature, that has been discussed on/off for a longer time now. I
think, this mockup is by far the best I've seen so far. You have my vote
for implementing it, and I think it will be a big improvement.

cheers
Roland

Am Mo., 2. Juli 2018 um 21:19 Uhr schrieb Darien Spencer <cusneud () mail com>:


Hey devs
There's something that has been bothering me in my wireshark experience
and I wanted to bring to discussion
*Some protocols can aggregate several payloads *such as *SCTP and TCP*
Viewing those in wireshark could be difficult if many payloads are present.
Specificly *the Info column gets long quickly *(assuming fences are used)

Here is an example - the info column of a SCTP packet with 6 payloads:
https://i.imgur.com/GeA2WmU.png

It can be challenging to spot a specific packets in those overpopulated
info columns
further more, once you find the right packet by the info column you are
served with your next challenge -
finding which of the aggregated packets in the protocol tree is the one
you are looking for.

I was thinking about introducing a newer concept to wireshark in the form
of *"sub-packets"*
Maybe that's a cosmetic feature to add to the Qt GUI and maybe it required
some changes to the dissection engine. I'm not familiar enought with the
GUI to tell.
What I had in mind is an option to 'expend' a packet in the main view so
its aggregated sub packets are seen in a tree under it
Here's a mock hoping it's get the idea across:
https://i.imgur.com/WfSvg6x.png

I can imagine how this might require a change to the way info is saved in
the dissectors.


Does anyone else feel this is an issue when analysing traffic?
Is this a feature fitting the GUI/User experience guidelines of wireshark?

Cheers,
Darien

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org
?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: