
Ethereal-dev: Re: [Ethereal-dev] FW: [Ethereal-users] GUI for filters

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "John McDermott" <jjm@xxxxxxxxxx>
Date: Sun, 06 Feb 2005 08:08:10 -0700
On Sun, 6 Feb 2005 12:07:48 +0100 (CET), Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:

> On Sat, 5 Feb 2005, John McDermott wrote:
>
> > MYHOST ip.addr == 1.2.3.4
> > SERVER ip.addr == 5.6.7.8
> > WEB tcp.port == 80
> >
> > Then the filter selection window would show
> >
> > [] MYHOST    ip.addr == 1.2.3.4
> > [] SERVER    ip.addr == 5.6.7.8
> > [] WEB       tcp.port == 80
> >
> >    [] AND  [] OR
> >
> > So selecting the first would show traffic to/from me, selecting all three
> > with AND would show me httping to the server (or vice versa).
>
> Experience with another (non Ethernet-related) tool which sports such a
> filter/sieve cascade tells that it gets a bitch with more complex
> expressions. Precedence rules of these multilevel filter expressions can
> be tricky.

Yes. I agree. I was explicitly not proposing this. The OP suggested checkboxes and I was proposing those. All my ASCII-art boxes [] were check boxes so one could only select individual filters, AND all selected or OR all selected. My thought was that more complex filters would use the current GUI.

> Is:
> [   ]  MYHOST_TX   ip.src == 1.2.3.4
> [ OR]  MYHOST_RX   ip.dst == 1.2.3.4
> [AND]  WEB         tcp.port == 80
>
> the same as:
>
> [   ]  MYHOST      ip.addr == 1.2.3.4
> [AND]  WEB         tcp.port == 80
>
> the same as:
>
> [   ]  MYHOST      ip.src == 1.2.3.4 || ip.dst == 1.2.3.4
> [AND]  WEB         tcp.port == 80


I think this is way too complicated. There are GUIs for building complex filters, but really, I think that is overkill for Ethereal.

--john



--
John McDermott, CCP
Writer, Educator, Consultant
jjm@xxxxxxxxxx        www.jkintl.com
V: +1 505/377-6293  F: +1 505/377-6313
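
The precedence question raised in the thread, worked through as an added example that is not part of the original messages or of Ethereal's code: the three-row cascade is evaluated under two candidate rules (strict top-to-bottom, and AND binding tighter than OR) against constructed packets. The packet dictionaries, predicate stand-ins and function names are assumptions made for illustration.

```python
# Constructed stand-ins for the display filters quoted in the thread.
FILTERS = {
    "MYHOST_TX": lambda p: p["src"] == "1.2.3.4",
    "MYHOST_RX": lambda p: p["dst"] == "1.2.3.4",
    "MYHOST": lambda p: "1.2.3.4" in (p["src"], p["dst"]),
    "WEB": lambda p: 80 in (p["sport"], p["dport"]),
}

def eval_left_to_right(cascade, pkt):
    """Apply each row to the running result: ((A op B) op C)."""
    result = FILTERS[cascade[0][1]](pkt)
    for op, name in cascade[1:]:
        value = FILTERS[name](pkt)
        result = (result and value) if op == "AND" else (result or value)
    return result

def eval_and_binds_tighter(cascade, pkt):
    """Fold AND rows into terms first, then OR the terms: A or (B and C)."""
    terms, current = [], FILTERS[cascade[0][1]](pkt)
    for op, name in cascade[1:]:
        value = FILTERS[name](pkt)
        if op == "AND":
            current = current and value
        else:  # an OR row closes the current term and starts a new one
            terms.append(current)
            current = value
    terms.append(current)
    return any(terms)

# The two cascades from the thread as (operator, filter name) rows.
SPLIT = [(None, "MYHOST_TX"), ("OR", "MYHOST_RX"), ("AND", "WEB")]
MERGED = [(None, "MYHOST"), ("AND", "WEB")]

# Constructed sample packets.
PACKETS = [
    {"src": "1.2.3.4", "dst": "5.6.7.8", "sport": 40000, "dport": 80},  # HTTP out
    {"src": "5.6.7.8", "dst": "1.2.3.4", "sport": 80, "dport": 40000},  # HTTP reply
    {"src": "1.2.3.4", "dst": "5.6.7.8", "sport": 40001, "dport": 22},  # SSH out
    {"src": "5.6.7.8", "dst": "1.2.3.4", "sport": 22, "dport": 40001},  # SSH reply
]

def matches(evaluator, cascade):
    """Return one boolean per sample packet."""
    return [evaluator(cascade, p) for p in PACKETS]

if __name__ == "__main__":
    for name, ev in (("left-to-right", eval_left_to_right),
                     ("AND-tighter", eval_and_binds_tighter)):
        print(name, matches(ev, SPLIT), matches(ev, MERGED))
```

Read top to bottom, the split cascade selects the same packets as the merged one; with AND binding tighter, the outbound SSH packet also matches, so the two forms are only equivalent under one of the rules.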