I'm trying to debug something, a flaky Bluetooth stream, that has a lot of data and relatively rare issues. Ideally, what I'd like to be able to do is to start Wireshark running and then have a button I can press that will, in real time, insert markers in to the packet capture stream. Then I could go back and look carefully at the traffic around the time of events. Does that exist? And if not, what's the best way to record markers like that and make use of them in Wireshark? asked 20 Sep '14, 11:44  wpietri |
One Answer:
Nothing such as that exists in Wireshark. It might be a useful enhancement. The pcap file format doesn't have any mechanism to support that, but the pcap-ng format, which is the default, is extensible, so we could add, for example, an "external event" block type that contains user-specified text. Enhancement requests can be filed at the Wireshark Bugzilla. answered 20 Sep '14, 15:57  Guy Harris ♦♦ |
Thanks! That's helpful; there's so much good stuff in Wireshark I have a hard time telling when something definitely isn't there. For now I think I'll just make a little script that logs keypresses with fine-grained timestamps. But that would be a cool feature.
If you file an enhancement request, that'll at least make a record of it in the bug database, so that people can find it, discuss it, and work on it more easily; please do so if you'd like to have the feature.