Wireshark · Ethereal-dev: Re: [Ethereal-dev] FW: [Ethereal-users] GUI for filters

[Jaap Keuter <jaap.keuter@xxxxxxxxx>]

On Sat, 5 Feb 2005, John McDermott wrote:

> Well, I was thinking that since filters have names, one could create a gui
> that allowed one to select a particular named filter and then the AND or
> OR of selected filters if multiple filters were selected.  For instance,
> let's say a user saves three filters (or they are retrieved from some
> combination of local and system-wide config files):
>
> MYHOST ip.addr == 1.2.3.4
> SERVER ip.addr == 5.6.7.8
> WEB tcp.port == 80
>
> Then the filter selection window would show
>
> [] MYHOST    ip.addr == 1.2.3.4
> [] SERVER    ip.addr == 5.6.7.8
> [] WEB       tcp.port == 80
>
>    [] AND  [] OR
>
> So selecting the first would show traffic to/from me, selecting all three
> with AND would show me httping to the server (or vice versa).

Experience with another (non Ethenet-related) tool which sports such an
filter/sieve cascade tell's that it gets a bitch with more complex
expressions? Precedence rules of these multilevel filter expressions can
be tricky.

Is:
[   ]  MYHOST_TX   ip.src == 1.2.3.4
[ OR]  MYHOST_RX   ip.dst == 1.2.3.4
[AND]  WEB         tcp.port == 80

the same as:

[   ]  MYHOST      ip.addr == 1.2.3.4
[AND]  WEB         tcp.port == 80

the same as:

[   ]  MYHOST      ip.src == 1.2.3.4 || ip.dst == 1.2.3.4
[AND]  WEB         tcp.port == 80