Back-forward navigation in main packet view

[Bogdan Harjoc <harjoc () gmail com>]

When searching for something in a trace, I usually first apply some
filters, for example:

- http
- then http and ip.addr == 10.10.1.2
- then http and ip.addr == 10.10.1.2 and http.request.method=="POST"

Then usually comes "Follow TCP Stream". If there are multiple streams, I
may have to go back to the last filter above, meaning "go find it in the
filter list". Then scroll back to where I was, find the next stream and
follow it.

And so on. If I need to see what happened on some related stream, it's back
to some filter, scroll through the packets, follow a stream, look up some
field in the details pane, then back to my original method==POST stream.

Multiple windows might help this somewhat because users probably dig around
at a few levels when looking at a trace: looking for streams, looking for
packets in a stream, etc. At each level, back/forward navigation would
resemble clicking a button versus rewriting an url manually in the browser
address bar.

I constantly wish for a back button or "follow in a new window" when I do
"follow stream" and realize it's not the one I want.

I want to take a shot at implementing a proof of concept for this, but
maybe this has been tried before or there's just a better way of navigating
in a trace. So I'd like to hear what others think and whether this is a
direction worth looking at.

Regards,
Bogdan

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe