I'm trying to debug something, a flaky Bluetooth stream, that has a lot of data and relatively rare issues. Ideally, what I'd like to be able to do is to start Wireshark running and then have a button I can press that will, in real time, insert markers into the packet capture stream. Then I could go back and look carefully at the traffic around the time of events.
Does that exist? And if not, what's the best way to record markers like that and make use of them in Wireshark?
asked 20 Sep '14, 11:44
Nothing such as that exists in Wireshark.
It might be a useful enhancement. The pcap file format doesn't have any mechanism to support that, but the pcap-ng format, which is the default, is extensible, so we could add, for example, an "external event" block type that contains user-specified text.
Enhancement requests can be filed at the Wireshark Bugzilla.
answered 20 Sep '14, 15:57
Guy Harris ♦♦
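
The pcap-ng extensibility the answer refers to, as an added example (not part of the original answer and not Wireshark code): every block carries its own type and length, so a reader can step over block types it does not understand. The marker block type `0x80000001` (taken from the local-use range, bit 31 set), the marker body layout and the sample data are assumptions made for illustration.

```python
import struct

SHB_TYPE = 0x0A0D0D0A      # Section Header Block (pcapng spec)
IDB_TYPE = 0x00000001      # Interface Description Block (pcapng spec)
MARKER_TYPE = 0x80000001   # hypothetical marker block, local-use range

def block(block_type, body):
    """Generic pcapng framing: type, total length, padded body, total length."""
    body += b"\x00" * (-len(body) % 4)   # bodies are padded to 32 bits
    total = 12 + len(body)
    return struct.pack("<II", block_type, total) + body + struct.pack("<I", total)

def section_header():
    # byte-order magic, version 1.0, section length -1 (unspecified)
    return block(SHB_TYPE, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))

def interface_description(linktype=1, snaplen=0):
    return block(IDB_TYPE, struct.pack("<HHI", linktype, 0, snaplen))

def marker(ts_us, text):
    # Assumed layout: uint64 microsecond timestamp, uint32 text length, UTF-8 text
    data = text.encode("utf-8")
    return block(MARKER_TYPE, struct.pack("<QI", ts_us, len(data)) + data)

def walk(buf):
    """Yield (type, body) per block using only the length fields (little-endian)."""
    off = 0
    while off < len(buf):
        btype, total = struct.unpack_from("<II", buf, off)
        if total < 12 or total % 4 or off + total > len(buf):
            raise ValueError(f"bad block length at offset {off}")
        (trailer,) = struct.unpack_from("<I", buf, off + total - 4)
        if trailer != total:
            raise ValueError(f"length mismatch at offset {off}")
        yield btype, buf[off + 8 : off + total - 4]
        off += total

def markers(buf):
    """Collect (timestamp_us, text) from marker blocks, skipping everything else."""
    out = []
    for btype, body in walk(buf):
        if btype == MARKER_TYPE:
            ts_us, n = struct.unpack_from("<QI", body)
            out.append((ts_us, body[12 : 12 + n].decode("utf-8")))
    return out

# Constructed sample: one section, one interface, one user marker.
SAMPLE = (section_header() + interface_description()
          + marker(1411213440000000, "audio glitch"))
```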