Wireshark-dev: Re: [Wireshark-dev] [Wireshark-commits] rev 37859: /trunk/ /trunk/gtk/: color_dl

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 4 Jul 2011 08:57:01 -0700

On Jul 4, 2011, at 8:49 AM, Sake Blok wrote:

> Where do you need that info, in the frame section of the packet details we list the following:
> 
> Coloring Rule Name: ___tmp_color_filter___01
> Coloring Rule String: (ip.addr eq 192.168.0.104 and ip.addr eq 208.117.232.170) and (tcp.port eq 50388 and tcp.port eq 80)

If the rule isn't saved in the colorfilters file, does the rule's name serve any purpose other than to identify the rule in places such as the Frame section of the packet details?  Can you, for example, edit the rule, by name, to change its color?

If the rule name is not useful, just calling that one "Conversation rule" might suffice...

> Or (when using a field to create the temporary coloring filter):
> 
> Coloring Rule Name: ___tmp_color_filter___01
> Coloring Rule String: ip.id == 0x59fe

...and calling that one "Field rule" might suffice.

If the name is useful, the name of the first rule might be

	Conversation 192.168.0.104:50388 <-> 208.117.232.170:80

to summarize the conversation endpoints (if there are multiple such rules, a number could, for example, be added after "Conversation"), and the name of the second rule might just be its rule string.