I'm relatively new to Wireshark. I'm using an older Fedora wireshark-gnome for some debugging and testing of another system. I would like to be able to insert a comment or text note into the capture file before performing an action on the system being tested (where Wireshark will capture the results). I did not see anything like this in the GUI. Am I missing something?

Regards, Chad Farmer

I understand the complexity of inserting data at arbitrary points within a capture file while it is being recorded, so I would be happy to just insert a comment into the capture file "stream". A more complex design would be to have an external file of comments indexed to a capture file(s) and with the display and editing of comments integrated into the GUI. Unfortunately, I'm not interested in implementing it.

asked 08 Mar '13, 09:46 Chad Farmer
One Answer:
You need to move to Wireshark 1.8.x or later as that supports pcapng, a new capture file format that allows comments (or annotations) to be added. The Wireshark UI allows you to view and edit the comments. See the blog post from @Gerald.

answered 08 Mar '13, 09:51 grahamb ♦ edited 08 Mar '13, 09:52
Thank you. It seemed like too useful of an idea to not exist.
Agreed. (Feature is "Too useful to not exist") Thanks for the link to blog post on the differences between pcap and pcap-ng formats. Came here with the same question as the original poster. First time I've stumbled on a reason to prefer the new format.
Apart from, "Well it says NG". : )
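An added example, not part of the thread and not Wireshark's code: the comments the answer refers to are stored as `opt_comment` options (option code 1) inside pcapng blocks, on the Section Header Block for a capture-level note and on an Enhanced Packet Block for a per-packet note. The Python below builds a small constructed capture with both kinds of comment and reads them back; the function names and packet bytes are made up for illustration, and only little-endian sections are handled.

```python
import struct

OPT_COMMENT, MAGIC = 1, 0x1A2B3C4D   # opt_comment option code; byte-order magic
SHB, IDB, EPB = 0x0A0D0D0A, 1, 6     # section header, interface, enhanced packet

def _pad(b):                          # pcapng aligns everything to 32 bits
    return b + b"\x00" * (-len(b) % 4)

def _opts(comment):                   # one opt_comment followed by opt_endofopt
    c = (comment or "").encode("utf-8")
    opt = struct.pack("<HH", OPT_COMMENT, len(c)) + _pad(c) + struct.pack("<HH", 0, 0)
    return opt if comment else b""

def _block(btype, body):              # type, total length, body, total length
    total = 12 + len(body)
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)

def build_capture(packets, capture_comment=None):
    """packets: [(frame_bytes, comment_or_None)] -> little-endian pcapng bytes."""
    out = _block(SHB, struct.pack("<IHHq", MAGIC, 1, 0, -1) + _opts(capture_comment))
    out += _block(IDB, struct.pack("<HHI", 1, 0, 65535))      # LINKTYPE_ETHERNET
    for data, comment in packets:
        hdr = struct.pack("<IIIII", 0, 0, 0, len(data), len(data))
        out += _block(EPB, hdr + _pad(data) + _opts(comment))
    return out

def read_comments(buf):
    """Return [(frame_no, comment)]; frame_no 0 means the capture-level comment.
    Assumes a little-endian section (constructed input above)."""
    found, frame, off = [], 0, 0
    while off + 12 <= len(buf):
        btype, total = struct.unpack_from("<II", buf, off)
        if total < 12 or total % 4 or off + total > len(buf):
            raise ValueError("malformed block at offset %d" % off)
        body, opts, tag = buf[off + 8: off + total - 4], b"", None
        if btype == SHB:
            opts, tag = body[16:], 0          # options follow the 16-byte fixed part
        elif btype == EPB:
            frame += 1
            caplen = struct.unpack_from("<I", body, 12)[0]
            opts, tag = body[20 + caplen + (-caplen % 4):], frame
        p = 0
        while p + 4 <= len(opts):
            code, length = struct.unpack_from("<HH", opts, p)
            if code == 0:                     # opt_endofopt
                break
            if code == OPT_COMMENT:
                found.append((tag, opts[p + 4: p + 4 + length].decode("utf-8", "replace")))
            p += 4 + length + (-length % 4)
        off += total
    return found
```

Because the note travels inside the capture file itself, a marker such as "before action X" stays attached to the frame it describes when the file is copied or archived.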