ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] Back-forward navigation in main packet view

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>
Date: Tue, 28 Apr 2015 22:43:23 +0200
Hi Bogdan,

Do you have try the new Wireshark with Qt Gui ? because there is now a stream selector on Follow window...
Regards,

On Tue, Apr 28, 2015 at 10:56 AM, Bogdan Harjoc <harjoc@xxxxxxxxx> wrote:
When searching for something in a trace, I usually first apply some filters, for example:

- http
- then http and ip.addr == 10.10.1.2
- then http and ip.addr == 10.10.1.2 and http.request.method=="POST"

Then usually comes "Follow TCP Stream". If there are multiple streams, I may have to go back to the last filter above, meaning "go find it in the filter list". Then scroll back to where I was, find the next stream and follow it. 

And so on. If I need to see what happened on some related stream, it's back to some filter, scroll through the packets, follow a stream, look up some field in the details pane, then back to my original method==POST stream. 

Multiple windows might help this somewhat because users probably dig around at a few levels when looking at a trace: looking for streams, looking for packets in a stream, etc. At each level, back/forward navigation would resemble clicking a button versus rewriting an url manually in the browser address bar. 

I constantly wish for a back button or "follow in a new window" when I do "follow stream" and realize it's not the one I want.

I want to take a shot at implementing a proof of concept for this, but maybe this has been tried before or there's just a better way of navigating in a trace. So I'd like to hear what others think and whether this is a direction worth looking at.

Regards,
Bogdan


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube