On Fri, 4 Feb 2005 13:31:26 -0600, Filonenko Alexander-AAF013
<AAF013@xxxxxxxxxxxx> wrote:
We are trying replace a home-grown Ethernet analysis tool with Ethereal.
The old tool has a very convenient GUI for custom filter setup which
represents 48 conditions. Users can setup a filter very quickly
enable/disable a condition by clicking on the associated checkbox.
Typically users have 12 to 20 conditions enabled. It is essential that
filter setup is user friendly. The conditions can be easily written in
Ethereal filter language but editing and verifying such a string becomes
difficult.
What could be a workaround right now? I do not think that saving all
combinations is useful - too many.
Well, I was thinking that since filters have names, one could create a gui
that allowed one to select a particular named filter and then the AND or
OR of selected filters if multiple filters were selected. For instance,
let's say a user saves three filters (or they are retrieved from some
combination of local and system-wide config files):
MYHOST ip.addr == 1.2.3.4
SERVER ip.addr == 5.6.7.8
WEB tcp.port == 80
Then the filter selection window would show
[] MYHOST ip.addr == 1.2.3.4
[] SERVER ip.addr == 5.6.7.8
[] WEB tcp.port == 80
[] AND [] OR
So selecting the first would show traffic to/from me, selecting all three
with AND would show me httping to the server (or vice versa).
Would this fit your need?
--john
PS, I am not volunteering to do this right now, just sharing a suggestion
of how I'd like to see it.
--
John McDermott, CCP
Writer, Educator, Consultant
jjm@xxxxxxxxxx www.jkintl.com
V: +1 505/377-6293 F: +1 505/377-6313
