Create Expressions Wizard

With this window you can create an expression which is used as a filter.

This window has four control groups:

1. The first group is composed by the controls used to insert the values in the expression. Choose the table clicking on the label (Protocols, Variables, Values, Ascii or Hex) then choose the value selecting it, then push the button 'Insert' to insert the value in the expression. If you cannot make the insertion an error message will appear. You can insert both protocol expression and any variables given by the analysis engine in the expression. This variables are taken by the analysis engine through the function GetVmVar() and they give several information about the packet.

2. The second group inserts the operators in the expression. Click on the button correspondent to the operator which you want insert. There are:

   • the five elementary operators (+, -, *, /, %)
   • The boolean operators: AND &&, OR ||, NOT !.
   • two buttons for the shift operation: shift on the right (>>), shift on the left (<<).
   • Six buttons for the comparison between the variables.

3. The controls used to navigate in the expression and to build it:
   • Insert: it inserts the selected value.
   • Test: it tests if the expression is correctly written.
   • <-: it moves the insertion point one position on the left.
   • ->: it moves the insertion point one position on the right.
   • <-() , ()->: they allow to exit from the parenthesis.
   • (): it inserts the selected text between two parenthesis.

    

4. The window controls (OK, Cancel).