Wireshark-bugs: [Wireshark-bugs] [Bug 3096] New: Ability to annotate packet captures
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3096
Summary: Ability to annotate packet captures
Product: Wireshark
Version: unspecified
Platform: PC
OS/Version: All
Status: NEW
Severity: Enhancement
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: marksmith@xxxxxxxxxxx
Build Information:
TShark 1.0.4
Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GLib 2.18.2, with libpcap 0.9.8, with libz 1.2.3.3, with POSIX
capabilities (Linux), with libpcre 7.8, without SMI, without ADNS, without Lua,
with GnuTLS 2.4.1, with Gcrypt 1.4.3, with Heimdal Kerberos.
Running on Linux 2.6.27-ARCH, with libpcap version 0.9.8.
Built using gcc 4.3.2.
--
Hi,
When I'm looking at packet captures in Wireshark, it would sometimes be very
useful to be able to record comments or notes against either individual packets
or near the packets being commented on. At the moment if I do that, I have to
record those comments and the packet details on a piece of paper or in some
text editor.
It would be useful if it were possible to be able to write comments within
Wireshark itself instead.
One question would be where should these comments be saved. I think it would be
very useful to have them stored within the packet capture file itself, rather
than in a separate file. I haven't investigated its feasibility, however, one
idea I had was that it could be possible to insert these comments as "packets"
within the capture, with something identifying these comment "packets" as
special to Wireshark. If this identifier is chosen well enough, other packet
analysers, e.g. tcpdump, could just ignore them as not understood, or dump them
in hex/ascii, showing the comment. Some ideas for this field might be to set
the real time timestamp on the packet to all zeros, or maybe use a protocol
field value that is impossible to ever be seen on the wire (if one exists.)
Thanks,
Mark.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.