When searching for something in a trace, I usually first apply some filters, for example:
- http - then http and ip.addr == 10.10.1.2 - then http and ip.addr == 10.10.1.2 and http.request.method=="POST" Then usually comes "Follow TCP Stream". If there are multiple streams, I may have to go back to the last filter above, meaning "go find it in the filter list". Then scroll back to where I was, find the next stream and follow it. And so on. If I need to see what happened on some related stream, it's back to some filter, scroll through the packets, follow a stream, look up some field in the details pane, then back to my original method==POST stream. Multiple windows might help this somewhat because users probably dig around at a few levels when looking at a trace: looking for streams, looking for packets in a stream, etc. At each level, back/forward navigation would resemble clicking a button versus rewriting an url manually in the browser address bar. I constantly wish for a back button or "follow in a new window" when I do "follow stream" and realize it's not the one I want. I want to take a shot at implementing a proof of concept for this, but maybe this has been tried before or there's just a better way of navigating in a trace. So I'd like to hear what others think and whether this is a direction worth looking at. Regards, Bogdan
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
