
Finding and highlighting in packet list area (when looking for particular flow records)


Hi,

I have to look at a lot of flow records and I work with filters like: cflow.srcaddr == 10.1.1.20 and cflow.protocol==1 and cflow.dstaddr == 10.1.190.4

The result can be as low as 1 packet (if I'm lucky) but the packet list window still has 34 entries, and if I have more packets you have xxx entries.

I always get frustrated also with other investigations that I found no way to highlight in the packet details what I was looking for.

I don't want to export all the packets to plain text and then search with notepad++ or my editor du jour.

1) Is there a way to search for a string, highlight the place in the packet, put it into view, and then jump from selection to selection? Currently I'm having big trouble going through all the flows trying to see where the line SrcAddr: xxxx is.

Each single flow packet usually has around 600 lines in packet list!

No.     Time                        Source      Destination   Protocol  Info
2456    2011-03-04 14:41:53.845986  10.1.222.2  10.1.222.207  CFLOW     total: 34 (v9) records

Frame 2456: 1462 bytes on wire (11696 bits), 1462 bytes captured (11696 bits)
Internet Protocol, Src: 10.1.222.2 (10.1.222.2), Dst: 10.1.222.207 (10.1.222.207)
User Datagram Protocol, Src Port: 49321 (49321), Dst Port: palace-5 (9996)
Cisco NetFlow/IPFIX
    Version: 9
    Count: 34
    SysUptime: 33
    Timestamp: Mar 4, 2011 14:41:55.000000000 W. Europe Standard Time
    FlowSequence: 34354353
    SourceId: 517
    FlowSet 1
        Data FlowSet (Template Id): 256
        FlowSet Length: 1400
        Flow 1 [Duration: 0.000000000 seconds] Octets: 113 Packets: 1 InputInt: 193 OutputInt: 96 SrcAddr: 10.2.223.10 (10.2.223.10) DstAddr: 10.1.69.98 (10.1.69.98) Protocol: 17 IP ToS: 0x00 SrcPort: 53 DstPort: 53380 NextHop: 10.1.69.98 (10.1.69.98) DstMask: 32 SrcMask: 32 TCP Flags: 0x00
        Flow 2 [Duration: 9.856000000 seconds] Octets: 364 Packets: 7 InputInt: 136 OutputInt: 121 SrcAddr: 10.1.189.26 (10.1.189.26) DstAddr: 10.1.225.197 (10.1.225.197) Protocol: 1 IP ToS: 0x00 SrcPort: 8 DstPort: 0 NextHop: 10.1.190.19 (10.1.190.19) DstMask: 26 SrcMask: 27 TCP Flags: 0x00
        Flow 3 [Duration: 0.000000000 seconds] Octets: 70 Packets: 1 InputInt: 96 OutputInt: 193 SrcAddr: 10.1.69.73 (10.1.69.73) DstAddr: 10.2.223.10 (10.2.223.10) Protocol: 17 IP ToS: 0x00 SrcPort: 39070 DstPort: 53 NextHop: 10.2.223.10 (10.2.223.10) DstMask: 32 SrcMask: 32 TCP Flags: 0x00
        Flow 4 [Duration: 0.000000000 seconds] Octets: 99 Packets: 1 InputInt: 121 OutputInt: 193 SrcAddr: 10.2.223.120 (10.2.223.120) DstAddr: 10.2.223.10 (10.2.223.10) Protocol: 17 IP ToS: 0x00 SrcPort: 2090 DstPort: 53 NextHop: 10.2.223.10 (10.2.223.10) DstMask: 32 SrcMask: 26 TCP Flags: 0x00
        Flow 5 [Duration: 0.000000000 seconds] Octets: 187 Packets: 1 InputInt: 96 OutputInt: 121 SrcAddr: 10.1.222.83 (10.1.222.83) DstAddr: 10.1.201.44 (10.1.201.44) Protocol: 6 IP ToS: 0x00 SrcPort: 7279 DstPort: 1134 NextHop: 10.1.190.19 (10.1.190.19) DstMask: 23 SrcMask: 22 TCP Flags: 0x00
        Flow 6 [Duration: 0.000000000 seconds] Octets: 280 Packets: 4 InputInt: 96 OutputInt: 193 SrcAddr: 10.1.69.204 (10.1.69.204) DstAddr: 10.2.223.10 (10.2.223.10) Protocol: 17 IP ToS: 0x00 SrcPort: 59017 DstPort: 53 NextHop: 10.2.223.10 (10.2.223.10) DstMask: 32 SrcMask: 32 TCP Flags: 0x00
        Flow 7 [Duration: 0.000000000 seconds] Octets: 72 Packets: 1 InputInt: 96 OutputInt: 193 SrcAddr: 10.1.69.102 (10.1.69.102) DstAddr: 10.2.223.10 (10.2.223.10) Protocol: 17 IP ToS: 0x00 SrcPort: 44072 DstPort: 53 NextHop: 10.2.223.10 (10.2.223.10) DstMask: 32 SrcMask: 32 TCP Flags: 0x00
        Flow 8 [Duration: 0.000000000 seconds] Octets: 110 Packets: 1 InputInt: 193 OutputInt: 121 SrcAddr: 10.2.223.10 (10.2.223.10) DstAddr: 199.103.111.101 (199.103.111.101) Protocol: 17 IP ToS: 0x00 SrcPort: 32483 DstPort: 53 NextHop: 10.1.190.19 (10.1.190.19) DstMask: 26 SrcMask: 32 TCP Flags: 0x00
        Flow 9 [Duration: 0.000000000 seconds] Octets: 56 Packets: 1 InputInt: 96 OutputInt: 196 SrcAddr: 10.1.69.66 (10.1.69.66) DstAddr: 10.1.189.242 (10.1.189.242) Protocol: 17 IP ToS: 0x00 SrcPort: 111 DstPort: 49199 NextHop: 193.47.16.149 (193.47.16.149) DstMask: 25 SrcMask: 32 TCP Flags: 0x00
        Flow 10 [Duration: 0.000000000 seconds] Octets: 124 Packets: 1 InputInt: 193 OutputInt: 96 SrcAddr: 10.2.223.10 (10.2.223.10) DstAddr: 10.1.69.73 (10.1.69.73) Protocol: 17 IP ToS: 0x00 SrcPort: 53 DstPort: 39467 NextHop: 10.1.69.73 (10.1.69.73) DstMask: 32 SrcMask: 32 TCP Flags: 0x00
        Flow 11 [Duration: 0.000000000 seconds] Octets: 110 Packets: 1 InputInt: 193 OutputInt: 96 SrcAddr: 10.2.223.10 (10.2.223.10) DstAddr: 10.1.69.102 (10.1.69.102) Protocol: 17 IP ToS: 0x00 SrcPort: 53 DstPort: 44326 NextHop: 10.1.69.102 (10.1.69.102) DstMask: 32 SrcMask: 32 TCP Flags: 0x00
        Flow 12 [Duration: 0.000000000 seconds] Octets: 74 Packets: 1 InputInt: 121 OutputInt: 121 SrcAddr: 10.2.223.69 (10.2.223.69) DstAddr: 10.2.223.180 (10.2.223.180) Protocol: 17 IP ToS: 0x00 SrcPort: 45374 DstPort: 53 NextHop: 10.1.190.5 (10.1.190.5) DstMask: 25 SrcMask: 27 TCP Flags: 0x00
        Flow 13 [Duration: 6.016000000 seconds] Octets: 119359 Packets: 113 InputInt: 122 OutputInt: 121 SrcAddr: 10.2.223.8 (10.2.223.8) DstAddr: 10.23.5.223 (10.23.5.223) Protocol: 6 IP ToS: 0x00 SrcPort: 8080 DstPort: 50275 NextHop: 10.1.190.19 (10.1.190.19) DstMask: 24 SrcMask: 27 TCP Flags: 0x00
        Flow 14 [Duration: 0.000000000 seconds] Octets: 48 Packets: 1 InputInt: 122 OutputInt: 121 SrcAddr: 10.2.223.5 (10.2.223.5) DstAddr: 10.1.103.86 (10.1.103.86) Protocol: 6 IP ToS: 0x00 SrcPort: 8080 DstPort: 1918 NextHop: 10.1.190.19 (10.1.190.19) DstMask: 24 SrcMask: 27 TCP Flags: 0x00
        Flow 15 [Duration: 0.000000000 seconds] Octets: 86 Packets: 1 InputInt: 193 OutputInt: 121 SrcAddr: 10.2.223.10 (10.2.223.10) DstAddr: 10.2.223.73 (10.2.223.73) Protocol: 17 IP ToS: 0x00 SrcPort: 53 DstPort: 57851 NextHop: 10.1.190.5 (10.1.190.5) DstMask: 26 SrcMask: 32 TCP Flags: 0x00
        Flow 16 [Duration: 0.000000000 seconds] Octets: 48 Packets: 1 InputInt: 121 OutputInt: 96 SrcAddr: 10.1.176.114 (10.1.176.114) DstAddr: 10.1.69.25 (10.1.69.25) Protocol: 6 IP ToS: 0x00 SrcPort: 139 DstPort: 13525 NextHop: 10.1.69.25 (10.1.69.25) DstMask: 32 SrcMask: 23 TCP Flags: 0x00
        Flow 17 [Duration: 0.000000000 seconds] Octets: 228 Packets: 1 InputInt: 193 OutputInt: 121 SrcAddr: 10.2.223.10 (10.2.223.10) DstAddr: 10.2.223.120 (10.2.223.120) Protocol: 17 IP ToS: 0x00 SrcPort: 53 DstPort: 32985 NextHop: 10.1.190.5 (10.1.190.5) DstMask: 26 SrcMask: 32 TCP Flags: 0x00
        Flow 18 [Duration: 0.000000000 seconds] Octets: 95 Packets: 1 InputInt: 193 OutputInt: 121 SrcAddr: 10.2.223.10 (10.2.223.10) DstAddr: 193.47.8.98 (193.47.8.98) Protocol: 17 IP ToS: 0x00 SrcPort: 22002 DstPort: 53 NextHop: 10.1.190.52 (10.1.190.52) DstMask: 26 SrcMask: 32 TCP Flags: 0x00
        Flow 19 [Duration: 4.032000000 seconds] Octets: 420 Packets: 5 InputInt: 96 OutputInt: 121 SrcAddr: 10.1.222.20 (10.1.222.20) DstAddr: 10.1.190.4 (10.1.190.4) Protocol: 1 IP ToS: 0x00 SrcPort: 8 DstPort: 0 NextHop: 10.1.190.4 (10.1.190.4) DstMask: 32 SrcMask: 32 TCP Flags: 0x00
        Flow 20 [Duration: 0.000000000 seconds] Octets: 60 Packets: 1 InputInt: 96 OutputInt: 121 SrcAddr: 10.1.69.204 (10.1.69.204) DstAddr: 10.1.102.162 (10.1.102.162) Protocol: 6 IP ToS: 0x00 SrcPort: 59640 DstPort: 515 NextHop: 10.1.190.19 (10.1.190.19) DstMask: 24 SrcMask: 32 TCP Flags: 0x00
        Flow 21 [Duration: 0.064000000 seconds] Octets: 1443 Packets: 5 InputInt: 121 OutputInt: 96 SrcAddr: 10.2.223.5 (10.2.223.5) DstAddr: 10.1.69.64 (10.1.69.64) Protocol: 6 IP ToS: 0x00 SrcPort: 8080 DstPort: 2117 NextHop: 10.1.69.64 (10.1.69.64) DstMask: 22 SrcMask: 27 TCP Flags: 0x00
        Flow 22 [Duration: 0.576000000 seconds] Octets: 2045 Packets: 14 InputInt: 122 OutputInt: 121 SrcAddr: 10.2.223.5 (10.2.223.5) DstAddr: 10.1.172.84 (10.1.172.84) Protocol: 6 IP ToS: 0x00 SrcPort: 8080 DstPort: 1290 NextHop: 10.1.190.16 (10.1.190.16) DstMask: 28 SrcMask: 27 TCP Flags: 0x00
        Flow 23 [Duration: 0.000000000 seconds] Octets: 77 Packets: 1 InputInt: 115 OutputInt: 193 SrcAddr: 10.2.223.136 (10.2.223.136) DstAddr: 10.2.223.10 (10.2.223.10) Protocol: 17 IP ToS: 0x00 SrcPort: 60808 DstPort: 53 NextHop: 10.2.223.10 (10.2.223.10) DstMask: 32 SrcMask: 24 TCP Flags: 0x00
        Flow 24 [Duration: 0.000000000 seconds] Octets: 162 Packets: 1 InputInt: 121 OutputInt: 121 SrcAddr: 10.2.223.180 (10.2.223.180) DstAddr: 10.2.223.69 (10.2.223.69) Protocol: 17 IP ToS: 0x00 SrcPort: 53 DstPort: 45374 NextHop: 10.1.190.19 (10.1.190.19) DstMask: 27 SrcMask: 25 TCP Flags: 0x00
        Flow 25 [Duration: 11.200000000 seconds] Octets: 2546 Packets: 2 InputInt: 121 OutputInt: 121 SrcAddr: 10.1.57.166 (10.1.57.166) DstAddr: 10.1.99.61 (10.1.99.61) Protocol: 6 IP ToS: 0x00 SrcPort: 1026 DstPort: 917 NextHop: 10.1.190.19 (10.1.190.19) DstMask: 24 SrcMask: 25 TCP Flags: 0x00
        Flow 26 [Duration: 14.464000000 seconds] Octets: 15380 Packets: 27 InputInt: 133 OutputInt: 96 SrcAddr: 10.2.223.56 (10.2.223.56) DstAddr: 10.1.69.109 (10.1.69.109) Protocol: 6 IP ToS: 0x00 SrcPort: 14221 DstPort: 3300 NextHop: 10.1.69.109 (10.1.69.109) DstMask: 32 SrcMask: 24 TCP Flags: 0x00
        Flow 27 [Duration: 0.064000000 seconds] Octets: 977 Packets: 5 InputInt: 121 OutputInt: 96 SrcAddr: 10.1.103.127 (10.1.103.127) DstAddr: 10.1.69.29 (10.1.69.29) Protocol: 6 IP ToS: 0x00 SrcPort: 1164 DstPort: 80 NextHop: 10.1.222.6 (10.1.222.6) DstMask: 32 SrcMask: 24 TCP Flags: 0x00
        Flow 28 [Duration: 15.040000000 seconds] Octets: 394 Packets: 5 InputInt: 121 OutputInt: 96 SrcAddr: 10.1.99.73 (10.1.99.73) DstAddr: 10.1.222.67 (10.1.222.67) Protocol: 6 IP ToS: 0x00 SrcPort: 1926 DstPort: 80 NextHop: 10.1.222.6 (10.1.222.6) DstMask: 32 SrcMask: 24 TCP Flags: 0x00
        Flow 29 [Duration: 0.000000000 seconds] Octets: 231 Packets: 2 InputInt: 96 OutputInt: 121 SrcAddr: 10.1.222.67 (10.1.222.67) DstAddr: 10.1.102.73 (10.1.102.73) Protocol: 6 IP ToS: 0x00 SrcPort: 80 DstPort: 2164 NextHop: 10.1.190.19 (10.1.190.19) DstMask: 24 SrcMask: 32 TCP Flags: 0x00
        Flow 30 [Duration: 0.000000000 seconds] Octets: 70 Packets: 1 InputInt: 96 OutputInt: 193 SrcAddr: 10.1.69.73 (10.1.69.73) DstAddr: 10.2.223.10 (10.2.223.10) Protocol: 17 IP ToS: 0x00 SrcPort: 39245 DstPort: 53 NextHop: 10.2.223.10 (10.2.223.10) DstMask: 32 SrcMask: 32 TCP Flags: 0x00
        Flow 31 [Duration: 4.288000000 seconds] Octets: 5228 Packets: 11 InputInt: 96 OutputInt: 121 SrcAddr: 10.1.222.32 (10.1.222.32) DstAddr: 10.1.193.143 (10.1.193.143) Protocol: 6 IP ToS: 0x00 SrcPort: 443 DstPort: 1611 NextHop: 10.1.190.16 (10.1.190.16) DstMask: 26 SrcMask: 32 TCP Flags: 0x00
        Flow 32 [Duration: 0.064000000 seconds] Octets: 282 Packets: 5 InputInt: 196 OutputInt: 96 SrcAddr: 10.1.189.137 (10.1.189.137) DstAddr: 10.1.71.92 (10.1.71.92) Protocol: 6 IP ToS: 0x00 SrcPort: 20050 DstPort: 35546 NextHop: 10.1.71.92 (10.1.71.92) DstMask: 22 SrcMask: 25 TCP Flags: 0x00
        Flow 33 [Duration: 0.000000000 seconds] Octets: 424 Packets: 2 InputInt: 123 OutputInt: 96 SrcAddr: 10.2.223.70 (10.2.223.70) DstAddr: 10.1.69.29 (10.1.69.29) Protocol: 6 IP ToS: 0x00 SrcPort: 80 DstPort: 51354 NextHop: 10.1.222.6 (10.1.222.6) DstMask: 32 SrcMask: 32 TCP Flags: 0x00
        Flow 34 [Duration: 0.000000000 seconds] Octets: 48 Packets: 1 InputInt: 121 OutputInt: 96 SrcAddr: 192.168.11.1 (192.168.11.1) DstAddr: 10.1.69.17 (10.1.69.17) Protocol: 6 IP ToS: 0x00 SrcPort: 4827 DstPort: 139 NextHop: 10.1.69.17 (10.1.69.17) DstMask: 32 SrcMask: 0 TCP Flags: 0x00
        Padding (2 bytes)

asked 04 Mar '11, 06:27


ed cordoban