FrameSeer Help: Advanced Selection Techniques

Advanced Selection Techniques

The commands described below can be used in both the Capture and Decode tabs.

Select/Conversation

A conversation is any series of TCP or UDP packets where the source and destination IP addresses, and the source and destination ports, are the same.

The Select Conversation command uses the most-recently-selected packet as a template and then adds all the other packets in the same conversation to the selection.

The ability to select all the packets in a conversation is a simple way to focus on packets of interest.

Select/By Address

Use the commands in the Select/By Address hierarchical menu to select packets by addressing criteria. Each command uses the most-recently-selected packet as a template:

Source All packets which share the same source address are added to the selection. Remember that the Source column can show either the Data-Link or Network source address.

Data-Link Source All packets which share the same source MAC address are added to the selection.

Network Source All packets which share the same source network (IP, AppleTalk etc) address are added to the selection.

Destination All packets which share the same destination address are added to the selection. Remember that the Destination column can show either the Data-Link or Network destination address.

Data-Link Destination All packets which share the same destination MAC address are added to the selection.

Network Destination All packets which share the same destination network (IP, AppleTalk etc) address are added to the selection.

Select/By Protocol

Use the commands in the Select/By Protocol hierarchical menu to select packets by protocol criteria. Each command uses the most-recently-selected packet as a template:

Protocol All packets which share the same protocol are added to the selection. Remember that the Protocol column can show either a composite of the Transport Source and Destination protocols, or the Network protocol, or the Data-Link protocol.

Data-Link All packets which share the same data-link encapsulation protocol (eg IP) are added to the selection.

Network All packets which share the same network encapsulation protocol (eg TCP) are added to the selection.

Transport Source All packets which share the same source datagram encapsulation protocol (eg HTTP) are added to the selection.

Transport Destination All packets which share the same destination datagram encapsulation protocol (eg HTTP) are added to the selection.

Select/By Mark

The Select/By Mark command uses the most-recently-selected packet as a template:

If the template packet is marked, the selection will be changed to show all marked packets;

If the template packet is not marked, the selection will be changed to show all unmarked packets.

The commands described above can also be used in the Capture tab to extend the selection. To extend the selection:

Hold down the Command key and click on a packet to add it to the selection; then
Invoke the desired command (eg Select Conversation).

The packet added in step 1 will be used as the template for the command in step 2, and the results of the entire operation will be added to the selection.