Hello Janos,
On 1/5/12 12:45 PM, "János Löbb" <janos.lobb@xxxxxxxx> wrote:
> It would be nice if in the case of a display filtered stream
> by right clicking on a packet a window would be available to
> show "neighboring" unfiltered packets.
>
> That would allow me to see - without Clearing the filter - to
> see what query, a few packets before, produced the result
> shown by the packet in question. Similarly to the "Show
> Packets in new window", just it would "Show neighboring
> unfiltered packets in new window"
>
> Neighborhood could be set in preferences for :
> by packet numbers.
> by SEQ/ACK
> by ....
>
> and the range also could be configurable from 1 to 100 or so
> before and after the packet.
That sounds like it could be a useful feature.
So that this suggestion doesn't get lost you can file an enhancement
request in Wireshark's Bug Tracker at:
https://bugs.wireshark.org/bugzilla/
FWIW:
My workaround for the lack of this type of functionality is
to simply run two (2) instances of Wireshark. I'll open the
same tracefile in both copies; one Wireshark instance displays
the "cooked" (filtered) packets while the other instance
displays the "raw" (unfiltered) packets. This method allows
me to easily "goto" to an area of interest in the unfiltered
view simply by noting a packet number of interest from the
filtered view. Of course this particular technique won't
work unless the same trace file is available to both Wireshark
instances. This method is also somewhat of a pain to setup
to get two copies of Wireshark displayed in a usable manner
on a typical laptop display.
Best regards,
Jim Young
