Ethereal-users: Re: [Ethereal-users] Ethereal 0.9.4 on NT4 : no submenus

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Thu, 13 Jun 2002 14:57:06 -0700

On Thu, Jun 13, 2002 at 03:59:08PM +0100, Alistair.McGlinchy@xxxxxxxxxxxxxxxxxxxxx wrote:
> But there's still something odd.
> When I select any one of the 4 graphs in the sub menu, I get an error
> message "Ethereal Warning: Selected packet is not a TCP Segment" even when
> the packet is a TCP. I upgraded from 0.9.3 to 0.9.4 today and get the same
> message. See attached PNG. 

What's the link layer protocol? Is there any form of tunneling being
done? The TCP Stream Analysis code only supports some link layers (as it
does its own parsing of the raw frame to find the TCP headers, rather
than using Ethereal's parser).

> I still don't get a pull-right menu for Match or Prepare regardless of
> which frame is selected.

If you use the "Match" or "Prepare" right-mouse-button menu items in the
topmost (packet list) pane, the mouse has to be over a column that
the code that implements "Match" and "Prepare" supports; it doesn't
support the Protocol or Info columns.

If you use it in the middle (protocol tree) pane, you must have selected
a protocol tree item that has a field associated with it (it doesn't use
the field the mouse is over, it uses the selected field).

> But "Follow TCP Stream" does work, so at least
> some part of Ethereal recognises a TCP sequence when it sees one.

The "Follow TCP Stream" code does use Ethereal's frame parsing code
rather than having its own parsing code, unlike the "TCP Stream
Analysis" code.
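
Added example (not part of the original message and not Ethereal's source): a sketch of why a feature that does its own raw-frame parsing can reject a packet that the full dissector still identifies as TCP. The link types, the Ethernet/IPv4-only support and the 802.1Q-tagged sample frame are assumptions of this sketch; all names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum link_type { LINK_ETHERNET, LINK_OTHER };  /* this example's own names */

/* Hand-rolled lookup: offset of the TCP header in a raw frame, or -1. */
int find_tcp_offset(enum link_type lt, const uint8_t *f, size_t len)
{
    if (lt != LINK_ETHERNET) return -1;             /* link layer not supported */
    if (len < 14 + 20) return -1;                   /* Ethernet + minimal IPv4 */
    if (f[12] != 0x08 || f[13] != 0x00) return -1;  /* EtherType must be IPv4 */
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;        /* IPv4 header length */
    if ((ip[0] >> 4) != 4 || ihl < 20) return -1;
    if (len < 14 + ihl + 20) return -1;             /* room for fixed TCP header */
    if (ip[9] != 6) return -1;                      /* IP protocol 6 = TCP */
    return (int)(14 + ihl);
}

/* Constructed sample: Ethernet + IPv4 + TCP, optionally with an 802.1Q tag. */
static size_t build_frame(uint8_t *buf, int vlan)
{
    size_t off = 12;                                /* skip the two MAC addresses */
    memset(buf, 0, 64);
    if (vlan) { buf[off++] = 0x81; buf[off++] = 0x00; off += 2; } /* tag + TCI */
    buf[off++] = 0x08; buf[off++] = 0x00;           /* EtherType IPv4 */
    buf[off] = 0x45;                                /* version 4, IHL 5 */
    buf[off + 9] = 6;                               /* protocol TCP */
    return off + 20 + 20;                           /* IPv4 + TCP headers */
}

/* Build a constructed frame and run the hand-rolled lookup on it. */
int demo(enum link_type lt, int vlan)
{
    uint8_t buf[64];
    size_t len = build_frame(buf, vlan);
    return find_tcp_offset(lt, buf, len);
}

int main(void)
{
    printf("plain Ethernet: %d\n", demo(LINK_ETHERNET, 0));
    printf("802.1Q tagged:  %d\n", demo(LINK_ETHERNET, 1));
    printf("other link:     %d\n", demo(LINK_OTHER, 0));
    return 0;
}
```

The tagged frame still carries a TCP segment, so a layered dissector that walks each encapsulation would find it; the shortcut parser only checks fixed offsets and reports no TCP header.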