https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7728
--- Comment #15 from Guy Harris <guy@xxxxxxxxxxxx> 2012-10-23 19:27:33 PDT ---
(In reply to comment #14)
> (In reply to comment #13)
> > ...then again, maybe there should be a way of saying "show me all packets
> > {from,to} MAC-48 address XX:XX:XX:XX:XX:XX, *regardless* of whether they're
> > Ethernet or Token Ring or FDDI or 802.1 or... packets.
>
> I agree. Perhaps this should be done as the ability to filter on type, ie "show
> me all packets that have a field of FT_ETHER with the following value"? You
> wouldn't get the ability to filter on to/from, but I think it would be a lot
> less intrusive to implement.
Both would be separately useful, e.g. "show me all packets that refer to
192.9.200.1 anywhere", i.e. "show me all packets that contain an FT_IPv4 field
with the value 192.9.200.1" could be useful, as could "show me all packets with
the Source column being 192.9.200.1".
> > For network-layer addresses, that'd also let you do "host foo.example.com" and,
> > if "foo.example.com" has both IPv4 and IPv6 addresses, have it match either
> > one.
>
> This would make it quite a bit more complicated I think.
Yes, but that might still be useful - as might, for example, having "host
foo.example.com", and perhaps even "ip.{src,dest,addr} == foo.example.com"
matching *any* of the addresses returned for foo.example.com if it has multiple
IP addresses.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
