that you can tell from examination whether the search is forward or
backward.
Make the cf_find_packet routines take the direction as an explicit
argument, rather than, in the cases where you don't want to permanently
set the direction, saving the direction in the capture_file structure,
changing it, doing the search, and restoring the saved direction. Give
more information in the Doxygen comments for those routines.
Add a cf_find_packet_dfilter_string() routine, which takes a filter
string rather than a compiled filter as an argument. Replace
find_previous_next_frame_with_filter() with it.
Have cf_read_frame_r() and cf_read_frame() pop up the error dialog if
the read fails, rather than leaving that up to its caller. That lets us
eliminate cf_read_error_message(), by swallowing its code into
cf_read_frame_r(). Add Doxygen comments for cf_read_frame_r() and
cf_read_frame().
Don't have find_packet() read the packet before calling the callback
routine; leave that up to the callback routine.
Add cf_find_packet_marked(), to find the next or previous marked packet,
and cf_find_packet_time_reference(), to find the next or previous time
reference packet. Those routines do *not* need to read the packet data
to see if it matches; that lets them run much faster.
Clean up indentation.
svn path=/trunk/; revision=33791
updates are off and which sets the capture file state to a value that
won't cause an assertion when the user stops capturing. Fixes bug 4035.
svn path=/trunk/; revision=33005
we can use it in the main window title during and after capture. Add a
"-X" option for providing a description for stdin.
svn path=/trunk/; revision=32357
As now, when Wireshark save capture files, it show "Loading" in status bar and
in the dialog box, warning many users of lost them packets. Saving work as expected.
Is simply a GUI use interaction problem.
svn path=/trunk/; revision=31269
a protocol tree;
the column values.
This includes stats-tree listeners.
Have the routines to build the packet list, and to retap packets, honor
those requirements. This means that cf_retap_packets() no longer needs
an argument to specify whether to construct the column values or not, so
get rid of that argument.
This also means that there's no need for a tap to have a fake filter
to ensure that the protocol tree will be built, so don't set up a fake
"frame" filter.
While we're at it, clean up some cases where "no filter" was represented
as a null string rather than a null pointer.
Have a routine to return an indication of the number of tap listeners
with filters; use that rather than the global num_tap_filters.
Clean up some indentation and some gboolean vs. gint items.
svn path=/trunk/; revision=28645
capture callbacks the capture_options * as its second argument in all
cases. This makes it a bit clearer what arguments callbacks take, and
means we can get rid of all global_capture_opts references in
gtk/main_statusbar.c.
Put the interface between gtk/main.c and gtk/main_statusbar.c into a
private header.
svn path=/trunk/; revision=25576
g_mallocated string, so it's not const.
Fix a comment to reflect reality (err_info is some additional
information about the error returned by Wiretap, e.g. some gory details
about the error, mainly useful to developers and support people).
svn path=/trunk/; revision=25401
Attached is a patch to export packets data as "C Arrays". I often have
the need to [re]send data captured with wireshark using a raw/pf_packet socket.
Output format is one char[] per packet, it looks like almost the same as
the one produced by "Follow TCP stream".
svn path=/trunk/; revision=24604
and there are no formats in which the file can be saved by some means
other than copying the raw data; "Save As" isn't a very useful function
in that case, and that prevents us from having an empty list of formats
in which the file can be saved.
svn path=/trunk/; revision=21032
cf_cb_file_closing (called before closing a capture file) cf_cb_file_closed will be called afterwards, but both only if a file is really closed as cf_close is called more often ...
If we are closing large capture files (~20MB), the screen looks ugly while the file is closed. Change this so the screen will immediately go back to initial state and a dialog (without buttons) is shown that the file is currently closed. As the operation which takes most of the time to close the file is a single eth_clist_clear call, we can't use a progress bar here.
cf_cb_live_capture_stopping: called when the user wants to stop the capture (toolbar or menu clicked). At least on Win32, the time between this and the actual stop completed can be noticeable (1-2 seconds), so the user doesn't know if the button press did anything at all. Do something similar as above, show a dialog box without buttons to inform that the close is in progress.
svn path=/trunk/; revision=15891
currently limited to Ethereal and all the variants of libpcap filetypes only.
We might want to add output compression support to the other tools as well (tethereal, mergecap, ...).
We might also want to add support for the other filetypes, but this is only possible if the filetype functions doesn't use special output operations like fseek.
One bug is still left: if the input and output filetypes while saving are the same, Ethereal currently optimizes this by simply copy the binary file instead of using wiretap (so it will be faster but it will ignore the compress setting).
Don't know a good workaround for this, as I don't know a way to find out if the input file is currently compressed or not. One idea might be to use a heuristic on the filesize (compared to the packet size summmary). Another workaround I see is to remove this optimization, which is of course not the way I like to do it ...
svn path=/trunk/; revision=15804
generate columns; use cf_retap_packets instead of cf_redissect_packets()
when running taps (the general flow graph stat uses the Info column).
svn path=/trunk/; revision=15793
to prevent problems, bring the main GUI into "capture mode" right after successfully spawn/exec the capture child, without waiting for any response from it
svn path=/trunk/; revision=14436
-show the current capture file size, if capturing in real time mode.
-move the packet "Drops" count (if available) from file to packets statusbar part
svn path=/trunk/; revision=14130
display filename in statusbar while capturing
print_usage banner fixed
cf_cb_live_capture_prepare no longer needed
rename sync_pipe_do_capture -> sync_pipe_start
bugfix: sync_pipe_input_wait_for_start replaced by former implementation
fix cleanup of old file in capture_input_new_file
fix a tempfile detection bug (named file showed up as tempfile after capture)
svn path=/trunk/; revision=14053
most notably:
- moved opening of safe_file to the capture child (capture_loop.c)
- removed save_file_fd from capture_opts (no longer need to have it global)
svn path=/trunk/; revision=13953
This is currently still disabled, as we cannot pass all required capture flags to the child process (lack of command line parameters).
svn path=/trunk/; revision=13558
file name argument; if the pointed-to pointer is null, it opens a
temporary file, and sets that pointer to a mallocated copy of the
pathname of the temporary file. It no longer needs a file descriptor as
an argument.
svn path=/trunk/; revision=13419
instead of already invoking cf_cb_live_capture_started in capture.c, I've introduced the new event cf_cb_live_capture_prepare which only has to set the main windows title and nothing more.
svn path=/trunk/; revision=13355
to the "start live capture" callback, and call that from "do_capture()".
When opening a capture file, don't pop up the "What do you want to do?"
pane when closing any existing file you have open, as we're just going
to put the regular view up right after that.
svn path=/trunk/; revision=13332
Mark the "func" argument to "cf_callback_remove()" as unused.
Get rid of the "iface" argument to "cf_start_tail()", as it's no longer
used.
svn path=/trunk/; revision=13331
I've implemented a very simple callback mechanism which provides exactly this. I've tried GHook from GLib before, but this doesn't seem to be the right thing, as it's too inflexible for the purpose here.
So I've implemented a callback function in main.c which receives all "events" and spreads them to menu, statusbar and itself.
I would see this implementation as a prototype which may need improvements. Please comment the changes.
svn path=/trunk/; revision=13330
move another two capture related fields (iface and cfilter) from cfile to capture_opts
also move the handling of capture related command line options from main.c to capture.c, that way a future privilege seperated capture program can use the same code to parse it's command line than Ethereal.
It might be even possible to share this parser code even with Tethereal, didn't took a closer look at this.
svn path=/trunk/; revision=13320
cf_ functions, have separate ones for different classes of routines, and
use gboolean when the return value is just "success" or "failure" - that
way you don't get compiler warnings if a case statement isn't handling a
particular status value if the routine in question won't return it.
svn path=/trunk/; revision=13293
This includes: all functions in file.h now have a cf_ prefix, will have doxygen tags, will have the capture_file *cf as the first parameter and I tried to generalize the return values for non trivial functions.
Hopefully, I didn't introduced any new bugs, as I had to change a lot of files...
svn path=/trunk/; revision=13289
don't use global cfile at all but only an untpyed handle to call the cf_... functions in file.c
move the save_file member from capture_file to capture_opts, as it's only used while capturing and while preparing it
svn path=/trunk/; revision=13276
one.
"get_basename()" doesn't modify its argument, and its callers don't
modify the substring pointed to by the result, so make it take a "const
char *" as an argument and return a "const char *".
"find_last_pathname_separator()" doesn't modify its argument, so make it
a "const char *" - but some of its callers pass a non-"const" "char *"
and modify the result, so don't make its return value a "const char *".
And, as none of its callers are outside "filesystem.c", make it static.
In "about_folders_page_new()", have separate variables for pathnames
returned as "const char *" (which are cached by the routine that returns
them, so you can't modify them - and can't free them, so get rid of the
commented-out "g_free()" calls for them) and pathnames returned as "char
*" (which are allocated anew for each call, and can be modified, but
have to be freed).
Clean up white space.
svn path=/trunk/; revision=12881
and use that information to provide better error messages.
Have "merge_open_outfile()" do all the work of filling in the
merge_out_file_t structure, with the values to use passed as arguments.
Get rid of some structure members that used to be used solely to pass
information to "merge_open_outfile()".
Add a "cf_merge_files()" routine to do the merging and reporting of errors.
svn path=/trunk/; revision=12420
really more of an Ethereal/Tethereal component than a libethereal
component (nothing else in libethereal knows about capture files); move
it back out of libethereal. (The range stuff doesn't; we leave it in
libethereal.)
svn path=/trunk/; revision=11898
they should ultimately be split into files with routines that handle
ranges, which are just subsets of [0,2^32), and packet ranges, which are
subsets of the packet list, possibly specified by a range.
Move them into epan, so they can be used by, for example, utilities that
handle ranges, such editcap.
svn path=/trunk/; revision=11890
they have LF at the end of the line on UN*X and CR/LF on Windows;
hopefully this means that if a CR/LF version is checked in on Windows,
the CRs will be stripped so that they show up only when checked out on
Windows, not on UN*X.
svn path=/trunk/; revision=11400
the "text vs. PostScript" choice. The "text vs. PostScript" choice
should probably ultimately be done with a generic set of print methods,
to handle various platform-native print mechanisms more cleanly (and
perhaps the dialog box code for "export as {PDML,PSML}" should be
separate from the "export as text"/"print" dialog).
svn path=/trunk/; revision=11342
put the definition of it back under HAVE_LIBPCAP and don't add an extra
declaration in "file.h", as there's no longer code that needs to refer
to it if HAVE_LIBPCAP isn't defined.
svn path=/trunk/; revision=10350
I don't know whether this is the optimal patch, but it does the job.
file.h: extern declaration of auto_scroll_live
file.c: always declare auto_scroll_live
svn path=/trunk/; revision=10347
"main_filter_packets()", to force the filtering to be done even if the
filter is the same as the current one; this is necessary in order to
make sure "Follow TCP Stream" gets the packets processed even if you're
filtering the stream that's currently filtered in.
svn path=/trunk/; revision=10209
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
"capture_file" structure. Keep it locally, instead.
Check for errors when printing packets.
Report failure to open a print destination and failure to write to a
print destination differently.
Don't have the "print preamble" and "print final" routines return
success/failure indications - revert to the old scheme where they
didn't, and have the callers use "ferror()" to check for errors.
Report write errors when printing dissections in Tethereal.
Report print errors as errors, not warnings.
svn path=/trunk/; revision=9828
"cf_write_error_message()"/"file_write_error_message()".
Use "file_open_error_message()" instead of "cf_open_error_message()" in
some places we missed in the previous checkin.
Catch ENOSPC and EDQUOT in "file_open_error_message()".
Use "file_open_error_message()" rather than "file_write_error_message()"
to report errors when creating the file to which we're saving the
"Follow TCP Stream" data.
svn path=/trunk/; revision=9823
translate UNIX errno values to a somewhat friendly message format
string.
Rename "file_open_error_message()" in "file.c" to
"cf_open_error_message()", make "cf_open_error_message()" use the new
"file_open_error_message()" for UNIX errno values, have "do_capture()"
in "capture.c" use "file_open_error_message()" to report errors from
"open()", and make "cf_open_error_message()" static as nothing outside
"file.c" uses it.
Do similar stuff in "tethereal.c".
svn path=/trunk/; revision=9821
b.) added new feature "Edit->Go To First Packet" "Edit->Go To Last Packet" with corresponding menu and toolbar items
c.) added new feature "View->Zoom In" / "View->Zoom Out" / View->Normal Size" with corresponding menu and toolbar items
This feature will act as a "size offset" to the current fontsize, so that the packet list/tree view/... will have a larger/smaller font size.
The value is stored inside the recent file.
d.) Win32 only: Try to get the win32 system font and fontsize at program startup and show the menus/dialogs and such with the same font and fontsize like other win32 windows.
This makes the program make a *lot* more feel like a normal win32 program.
svn path=/trunk/; revision=9753
them and running all taps on them, but not reconstructing the packet
list. Use that in the IO-stat tap rather than "redissect_packet()"; the
latter does more work and redraws the display, neither of which are
necessary.
Call the filter callback when the Calc field is changed, to redraw the
graphs; that change also fixes things so that it's called when the
Filter field is changed.
Rename the "filter_button" member of an io_stat_graph_t to
"filter_field", as it's not the "Filter:" button, it's the text field
containing the filter expression.
svn path=/trunk/; revision=9659
One can now select a packet and mark it as a TimeReference packet using the menu.
A TimeReference packet will be indicated by having all timestamp related column entries replaced by the string *REF*
A TimeReference packet will always be displayed in the packet pane, and overrides any display filters.
When a frame is a TimeReference frame, all later frames will calculate the TimeRelativeToFirstPacket relative to the timestamp of the TimeReference frame instead of the first frame of the capture.
You can have any number of TimeReference frames you like.
svn path=/trunk/; revision=8459
so we shouldn't torment the users by offering it.
Check the string type and convert it to an internal representation in
the GUI code; have the search code deal only with the internal
representation.
Save the case-sensitivity flag, and the indication of where string
searches look, along with other search parameters.
Upper-casify the string, for case-insensitive searches, in the GUI code;
don't save the upper-casified string, so it doesn't SHOUT at you when
you next pop up a "find" dialog.
Convert the hex value string to raw binary data in the GUI code, rather
than doing so in the search code. Check that it's a valid string.
Connect the signals to the radio buttons after the pointers have been
attached to various GUI items - the signal handlers expect some of those
pointers to be attached, and aren't happy if they're not.
Have "find_packet()" contain a framework for searching, but not contain
the matching code; instead, pass it a pointer to a matching routine and
an opaque pointer to be passed to the matching routine. Have all the
routines that do different types of searching have their own matching
routines, and use the common "find_packet()" code, rather than
duplicating that code.
Search for the Info column by column type, not by name (the user can
change the name).
When matching on the protocol tree, don't format the entire protocol
tree into a big buffer - just have a routine that matches the text
representation of a protocol tree item against a string, and, if it
finds a match, sets a "we found a match flag" and returns; have that
routine not bother doing any more work if that flag is set.
(Unfortunately, you can't abort "g_node_children_foreach()" in the
middle of a traversal.)
Free the generated display filter code after a find-by-display-filter
finishes.
svn path=/trunk/; revision=8306
equivalents for the toplevel directory. The removal of winsock2.h will
hopefully not cause any problems under MSVC++, as those files using
struct timeval still include wtap.h, which still includes winsock2.h.
svn path=/trunk/; revision=5932
Allow "-" as the output file name in Wiretap, referring to the
standard error.
Optimize the capture loop.
Fix some of the error-message printing code in Ethereal and Tethereal.
Have Wiretap check whether it can seek on a file descriptor, and pass
the results of that test to the file-type-specific "open for output"
routine. Have the "open for output" routines for files where we need to
seek when writing the file return an error if seeks don't work.
svn path=/trunk/; revision=5884
"colfilter" structure contained items of use only when the colorizing
dialog was up, so make the items in it private to "gtk/color_dlg.c".
Make the "Edit" and "Delete" buttons sensitive only when a row is
selected, and make the "Up" and "Down" buttons sensitive only when a row
is selected *and* that row has somewhere to move in the specified
direction.
svn path=/trunk/; revision=5575
Move the ringbuffer capture options from the "capture_file" structure to
the structure for capture options, as they're a property of an
in-progress capture, not a property of a particular capture file.
svn path=/trunk/; revision=4799
"capture_file" structure - they're a property of an in-progress capture,
not a property of an open capture file. Make them just variables.
The maximum number of packets to be captured should be a variable
separate from the "count" field in the "capture_file" structure - the
latter is a count of the packets in the capture file in question.
Have Boolean variables indicating whether a maximum packet count,
maximum capture file size, and maximum capture duration were specified.
If an option isn't set, and we're doing an "update list of packets in
real time" capture, don't pass the option to the child process with a
command-line argument.
Don't create "stop when the capture file reaches this size" or "stop
when the capture's run for this long" conditions if a maximum capture
file size or a maximum capture duration, respectively, haven't been
specified. Don't test or free a condition if it wasn't created.
Don't allow a 0 argument to the "-c" flag - the absence of a "-c" flag
is the way you specify "no limit on the number of packets".
Initialize the check boxes and spin buttons for the "maximum packets to
capture", "maximum capture size", and "maximum capture duration" options
to the values they had in the last capture. If an option wasn't
specified, don't read its value from the dialog box and set the
variable.
svn path=/trunk/; revision=4795
reading the capture file. Have callers of "wtap_snapshot_length()"
treat a value of 0 as "unknown", and default to WTAP_MAX_PACKET_SIZE (so
that, when writing a capture file in a format that *does* store the
snapshot length, we can at least put *something* in the file).
If we don't know the snapshot length of the current capture file, don't
display a value in the summary window.
Don't use "cfile.snap" as the snapshot length option when capturing -
doing so causes Ethereal to default, when capturing, to the snapshot
length of the last capture file that you read in, rather than to the
snapshot length of the last capture you did (or the initial default of
"no snapshot length").
Redo the "Capture Options" dialog box to group options into sections
with frames around them, and add units to the snapshot length, maximum
file size, and capture duration options, as per a suggestion by Ulf
Lamping. Also add units to the capture count option.
Make the snapshot length, capture count, maximum file size, and capture
duration options into a combination of a check box and a spin button.
If the check box is not checked, the limit in question is inactive
(snapshot length of 65535, no max packet count, no max file size, no max
capture duration); if it's checked, the spinbox specifies the limit.
Default all of the check boxes to "not checked" and all of the spin
boxes to small values.
Use "gtk_toggle_button_get_active()" rather than directly fetching the
state of a check box.
svn path=/trunk/; revision=4709
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
svn path=/trunk/; revision=4586
already contain a pointer to an epan_dissect_t, which contains
the proto_tree.
Routines calling epan_dissect_new() do not create their own
proto_tree via proto_tree_create_root(); instead, they pass a boolean
to epan_dissect_new() telling it whether it should create the root
proto_tree.
svn path=/trunk/; revision=4343
files to get that big.
From Thomas Wittwer and Matthias Nyffenegger:
Support for "ring buffer mode", wherein there's a ring buffer of N
capture files; as each capture file reaches its maximum size (the ring
buffer works only with a maximum capture file size specified), Ethereal
rolls over to the next capture file in the ring buffer, replacing
whatever packets might be in it with new packets.
svn path=/trunk/; revision=4323
get from calling "wtap_file()", so get rid of the call and the
(otherwise unused) variable to which its result gets assigned.
That lets us get rid of "wtap_file()" in Wiretap.
It also lets us get rid of the include of "zlib.h" in "file.h"; the
#defines of "file_open()", "filed_open()", and "file_close()" are also
unnecessary, so we get rid of those as well.
However, that means we need to include <zlib.h> in "gtk/main.c" and
"tethereal.c", so that the version number of libz is defined and can
show up in the version string.
svn path=/trunk/; revision=3652
a "Match Selected" on it - we can't do a "Match Selected" if the field
has no value (e.g., FT_NULL) and has a length of 0.
If we unselect the current packet, we don't have a protocol tree, so we
don't have a currently selected field - clear the "Match Selected" menu
item and the display in the status line of information about the
currently selected field.
Move the low-level statusbar manipulation into "gtk/main.c", in routines
whose API doesn't expose anything GTK+-ish.
"close_cap_file()" calls one of those routines to clear out the status
bar, so it doesn't need to take a pointer to the statusbar widget as an
argument.
"clear_tree_and_hex_views()" is purely a display-manipulating routine;
move it to "gtk/proto_draw.c".
Extract from "tree_view_unselect_row_cb()" an "unselect_field()" routine
to do all the work that needs to be done if the currently selected
protocol tree row is unselected, and call it if the currently selected
packet list row is unselected (if it's unselected, there *is* no
protocol tree, so no row can be selected), as well as from
"tree_view_unselect_row_cb()".
Before pushing a new field-description message onto the statusbar, pop
the old one off.
Get rid of an unused variable (set, but not used).
svn path=/trunk/; revision=3513
capturing; if we succeed, display the packet drops count as the "Drops"
value in the status line and as the "Dropped packets" statistics in the
summary dialog box, otherwise don't display it at all.
In Tethereal, attempt to get the packet statistics from libpcap when
capturing; if we succeed, and if there were any dropped packets, print
out the count of dropped packets when the capture finishes.
svn path=/trunk/; revision=3016
into epan/ftypes.
Re-write display filter routines using Lemon parser instead of yacc.
Besides using a different tool, the new grammar is much simpler, while
the display filter engine itself is more powerful and more easily extended.
Add dftest executable, to test display filter "bytecode" generation.
Add option to "configure" to build dftest or randpkt, both of which are not
built by default.
Implement Ed Warnicke's ideas about dranges in the new display filter and
ftype code.
Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered
as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree,
while FT_PROTOCOL is used for protocols. This was necessary for being
able to make byte slices (ranges) out of protocols, like "frame[0:3]"
Win32 Makefile.nmake's will be added tonight.
svn path=/trunk/; revision=2967
compiled capture filter program, so remove it, and remove the include of
<pcap.h> from "file.h"; instead, have local "struct bpf_program"
structures where needed, and have those files that need stuff from
<pcap.h> include it.
This cleans stuff up a bit, and should eliminate a pile of compile
warnings with Visual C++ due to <pcap.h> and some GTK+/GLib header file
(or files they include) both defining "inline".
svn path=/trunk/; revision=2954
files from being #included in epan/packet.c.
Fix the other files that need either "gtk/colors.h" or <gtk/gtk.h> #included
as a result of not pulling in gtk/colors.h automatically because of file.h.
svn path=/trunk/; revision=2519
"top-level" dissectors that libepan-users call, instead of dissect_packet().
The epan_dissect_t holds the tvbuff after dissection so that the tvbuff's
memory is not cleared until after the proto_tree is freed. (I might stuff
the proto_tree into the epan_dissect_t, too).
What remains of dissect_packet() in packet.c handles the tvbuff initialiation.
The real meat of dissect_packet() is now in dissect_frame(), in packet-frame.c
This means that "packet.c" is no longer a dissector, os it is no longer
passed to make-reg-dotc.
Once dissect_fddi() gets two wrapper functions (dissect_fddi_swapped()
and dissect_fddi_nonswapped()), the a dissector handoff routine could
be used instead of the switch statement in dissect_frame(). I'd register
a field like "wtap.encap"
svn path=/trunk/; revision=2478
the middle mouse button. The marked packets are displayed in
reverse video but this should change in the future (the color
should be configurable via the GUI).
Then, the marked packets can be saved (via the "Save as"
window dialog).
Other features will be added in the future (I am waiting for
your comments and wishes).
svn path=/trunk/; revision=2322
Anders Broman