Thanks for the kind reply. It's actually not a bug - Let me explain:

When performing "fw ctl debug" and making modifications to the module flags (in your example, the "fw" module) you can either add flags (with the + sign) or you can remove flags (with the - sign). Each of these actions (add and remove module flags) must be on their own line which is why we have one line for "fw ctl debug -m $MODULE + $FLAGS" and "fw ctl debug -m $MODULE - $FLAGS)". On each line, you can have as many of the modules turned on or off as you want.

When programming this, the easiest way I found to create these lines was to create an array of the modules (the boxes on the right) and whether or not they were "active" or "inactive". Taking this array, we loop over all the entries and put the specific module flags in their respective line (either "+" or "-") which then updates the command.

The downside to this is that there's no baseline array to compare against so even if you set your debug flags back to their original settings, the commands still appear - It works but it does look a little ugly.

The other thing about the debug boxes is that the current defaults are already highlighted. For example, look at the "kissflow" boxes below:

and compare it against the output from this command:

[Expert@gw-9de5b8:0]# fw ctl debug -m kissflow
Kernel debugging buffer size: 50KB
Module: kissflow
Enabled Kernel debugging options: error warning
Messaging threshold set to type=Info freq=Common‍‍‍‍‍

See how the default options of "error warning" are highlighted in the "kissflow" module? This way here, users don't have to turn them on since they're on by default. Only when making changes to a module will the "-m $MODULE +/- $FLAGS" show up.

I hope this clears things up.

Sean (Gr@ve_Rose)

Thanks Valeri Loukine‌! It was your suggestion to post in this thread that got this all started. Looks like I owe you an Internet beer as well.

No sir, beers are on me. Or Dameon Welch Abernathy‌, depending on who catches you first

Ask and ye shall receive. I've also created a subreddit (and linked to it in the page) so that other people (not CheckMates members) can participate in the discussions: https://www.reddit.com/r/tcpdump101/ Of course, I'll still be here doing my best to help out whenever I can, trying to score free beers from random Internet friends.

Thanks for the kind words, Gaurav Pandya‌. I hope you find it helpful.

Thanks Jerry Szpinak‌! I'm glad you think it's useful and hopefully it helps you (and others).

You're wonderful, Petr Hantak‌! I wanted to make sure that it was written in "flat" languages so I used HTML, JavaScript and CSS so that people could use it offline without the need to have a server or even Internet connectivity. It's why I stayed away from jQuery since, usually, it's an external include to the library. I hope you find it useful.

You choose very good solution combination. HTML, JavaScript and CSS works almost everywhere and almost all mobile devices hasn't got problem with it as well. 

Thanks Phillip Runner for the great reply and suggestions!

• Adding a new filter to the middle of an already existing syntax string. I really like that idea! It's going to be a bit of time before I'll be able to port that in since it will require modifying both the existing syntax options as well as the top-most command spans, but it's definitely do-able. This will probably be a major release update to put these in (a.k.a. a total front-end redesign) but I look forward to the challenge and the feature you've suggested.
• Moving filters from one tool to another. I had thought about this but then talked myself out of it since I figured people would rarely be on multiple vendors at the same time (even though I usually am) and may not have use for it. The other item I wanted to add in which may satisfy your suggestion, was a PCap wizard. You would put in what you want in a "next-next-finish" fashion and then output your command based on the type you selected. If I make the selection type at the end (or even have a "show all" option), would that be useful?
• Have values stay when an option is changed and present a warning/error. This is probably the most difficult one to do for a few reasons:
  • Each drop-down option changes the filter input type with Javascript by removing the existing HTML and putting new HTML in it's place. When this happens, the existing information is gone into the void. It could be possible to grab a hold of "this.value" before the change and populate the new "this.value" with the previous contents but I don't want to confuse people if values are pre-populated; Especially if the values are incorrect (if you go from source IP to ethernet address as an example). This leads to your second suggestion on the same subject...
  • Present a warning if values appear to be incorrect. I've struggled with this ever since day one. The issue is that I don't know what people are using for filters. Let's stick with the "host" filter to keep things simple. With that option, we could have one of three possible valid values: IPv4 address, IPv6 address and hostname. I don't know what people will be putting in so "1.2.3.4", "2001:bad:c0de::1" and "1.2.3.4.com" are all good entries but how do I determine (through RegEx) which one the user actually is putting in? I could put another option for users to select "I am putting in an IPv6 address" or whatever but I don't want to overload the user with too many options to have to select just to build their command. It's also entirely possible that the RegEx is floating around on StackOverflow somewhere and I just haven't seen it. I'll keep looking into this (since I really want to have this feature) and if I find a viable solution, I'll code it in.

Thanks again for the great suggestions and I'm glad you find it helpful.

Thanks for the kind words, Danilo Lara‌! I hope you (and others) find it helpful.

And thanks to you, Diego Lopez, for the reply. I look forward to your feedback and hope you find it useful.

Thanks for the kind words, Gianluca Giordano‌! I hope you find it useful.

Keep up the good job, Sean Murray-Ford‌, we appreciate your efforts deeply. 

Jozko Mrkvicka‌ - Are you a magician because you're reading my mind.

1. I did this in the older version and wanted to do it for this one but my CSS skills weren't as good as they needed to be at the time. When I moved the menu to the left, I didn't code the <div> properly so I couldn't freeze the commands but it is something I'm working on for the next design.
2. The horizontal scrollbar usually only shows up with a smaller resolution on the users web browser. Just as an FYI, the left menu bar is hardcoded at 100px. Are you using this on mobile or desktop? I haven't designed for mobile since I doubted that people would use this on a mobile device - Usually people will be on a computer when running packet captures. I may try and do some mobile design for the next version but it's not at the top of my list.
3. I like the idea and this actually ties into a suggestion by Vladimir Yakovlev‌ about moving the button to the right side instead of below. I think I'll give this more serious consideration now that it's been brought up again.
4. That just brings up a small status bar at the bottom when hovered over showing the different statuses for the modules. I've coded it as "display: fixed;" so it will always be at the bottom but maybe I'll just make another icon for it or possibly remove it since the splash page shows the same information.

Thanks again for the great suggestions!

Thank you for your comments, really appreciate 

Regarding to the point n. 2:

I was checking it on the desktop. Using Chrome and resolution 1440 x 900. Forget to do mobile version - wasting of your time here. All users will visit site on the desktop anyway.

Thanks for the kind words, Dhananja Kariyawasam‌! I'm glad you find it useful. With positive encouragement from the Network/NetSec communities as well as good feedback on how to make it better, I'm hoping to add more features and make it more functional for everyone to learn packet captures!