Wireshark-dev: Re: [Wireshark-dev] packet-tcp.c (expert severity level of zero window)

From: "Jim Young" <sysjhy@xxxxxxxxxxxxxxx>
Date: Sat, 05 Apr 2008 18:38:02 -0400

Hello Ulf,

>>> Ulf Lamping <ulf.lamping@xxxxxx> 2008-04-05 16:16 >>>
> Having less messages at higher severity levels is a lot easier to work 
> with the expert infos, compared to dumped with all kinds of stuff.
> 
> As I wouldn't call myself a real TCP expert, what do others think?

The logic/reasoning behind the various "expert" info levels was raised 
several times during Sharkfest by Laura.   

Regarding the severity level for this particular case, I would tend to 
side with you, but I'm no TCP expert and ...

  "One man's trash is another man's treasure."  (and visa-versa) ;-)

I've experienced situations where one person's "error" might only 
warrant a "note" or "chat" (if even that) in my particular situation.  
But I've also had situations (using other "expert" systems) where 
something they consider a "chat" or "note" is actually an indication 
of a much more severe problem.

I started thinking about the need for an expert info configuration 
framework to allow the Wireshark user to tune the expert system to 
their specific needs.   This hypothetical configuration framework would 
not only allow you to enable/disable individual expert message types, 
but would allow the user to set which severity level the individual 
messages should be reported as.

Anyone think the idea of a expert info configuration framework is 
worthwhile submitting as a feature request?

Best regards,

Jim Y.