User Guide
Advanced Topics
113
The following will first describe the components of a single expert info, then the User Interface.
7.3.1. Expert Info Entries
Each expert info will contain the following things which will be described in detail below:
Table 7.1. Some example expert infos
Packet # Severity Group Protocol Summary
1 Note Sequence TCP Duplicate
ACK (#1)
2 Chat Sequence TCP Connection
reset (RST)
8 Note Sequence TCP Keep-Alive
9 Warn Sequence TCP Fast
retransmission
(suspected)
7.3.1.1. Severity
Every expert info has a specific severity level. The following severity levels are used, in parentheses are
the colors in which the items will be marked in the GUI:
• Chat (grey): information about usual workflow, e.g. a TCP packet with the SYN flag set
• Note (cyan): notable things, e.g. an application returned an "usual" error code like HTTP 404
• Warn (yellow): warning, e.g. application returned an "unusual" error code like a connection problem
• Error (red): serious problem, e.g. [Malformed Packet]
7.3.1.2. Group
There are some common groups of expert infos. The following are currently implemented:
• Checksum: a checksum was invalid
• Sequence: protocol sequence suspicious, e.g. sequence wasn't continuous or a retransmission was
detected or ...
• Response Code: problem with application response code, e.g. HTTP 404 page not found
• Request Code: an application request (e.g. File Handle == x), usually Chat level
• Undecoded: dissector incomplete or data can't be decoded for other reasons
• Reassemble: problems while reassembling, e.g. not all fragments were available or an exception
happened while reassembling
• Protocol: violation of protocol specs (e.g. invalid field values or illegal lengths), dissection of this packet
is probably continued
• Malformed: malformed packet or dissector has a bug, dissection of this packet aborted
• Debug: debugging (should not occur in release versions)
It's possible that more such group values will be added in the future ...