Hello, As far as I know it is possible to mark packets but as the user guide states the changes will not persist after you close wireshark. I would like to know if anyone has figured out a way to bypass that so that. Moreover I would like to know if it possible to mark specific packets groups in specific ways/tags/colours. For example, packets Ideally, at some point I would also like to include this flag at tshark command line and export the marks along with other packet headers into a text file. Do you think that it might be possible somehow? Any pointers? Much appreciated. asked 06 Nov '14, 15:45  BadAcidTrip |
One Answer:
No that's not possible and the file format pcap-ng does not have an option to do that I think. But adding a packet comment might give you part of what you want q's that can be saved in an pcap-ng file. answered 06 Nov '14, 21:18  Anders ♦ |
