As far as I know, it is possible to mark packets, but as the user guide states, the changes will not persist after you close Wireshark. I would like to know if anyone has figured out a way to bypass that so that.
Moreover, I would like to know if it is possible to mark specific packet groups in specific ways/tags/colours. For example, packets
Ideally, at some point I would also like to include this flag on the tshark command line and export the marks along with other packet headers into a text file.
Do you think that it might be possible somehow? Any pointers?
asked 06 Nov '14, 15:45
No, that's not possible, and the file format pcap-ng does not have an option to do that, I think. But adding a packet comment might give you part of what you want, as that can be saved in a pcap-ng file.
answered 06 Nov '14, 21:18
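The packet comments mentioned in the answer are stored in pcap-ng as `opt_comment` options on each Enhanced Packet Block, so they can be listed per frame as text, which is close to the export the question asks for. The following is an added example, not code from this thread or from Wireshark: it builds a small constructed capture and extracts the comments by frame number. It assumes a little-endian, single-section file and counts only Enhanced Packet Blocks as frames; the helper names are hypothetical.

```python
import struct

SHB, IDB, EPB = 0x0A0D0D0A, 1, 6     # pcap-ng block types
OPT_END, OPT_COMMENT = 0, 1          # pcap-ng option codes

def pad4(b):
    return b + b"\x00" * (-len(b) % 4)   # blocks and options are 32-bit aligned

def block(btype, body):
    total = len(body) + 12               # block type + leading and trailing length
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)

def epb(data, comment=None):
    """Enhanced Packet Block, optionally carrying one opt_comment option."""
    body = struct.pack("<IIIII", 0, 0, 0, len(data), len(data)) + pad4(data)
    if comment is not None:
        raw = comment.encode("utf-8")
        body += struct.pack("<HH", OPT_COMMENT, len(raw)) + pad4(raw)
        body += struct.pack("<HH", OPT_END, 0)
    return block(EPB, body)

def packet_comments(buf):
    """Return [(frame_number, comment), ...] from a little-endian pcap-ng buffer."""
    out, frame, pos = [], 0, 0
    while pos + 12 <= len(buf):
        btype, total = struct.unpack_from("<II", buf, pos)
        if total < 12 or total % 4 or pos + total > len(buf):
            raise ValueError("malformed block at offset %d" % pos)
        body = buf[pos + 8 : pos + total - 4]
        pos += total
        if btype != EPB or len(body) < 20:
            continue                     # only packet blocks carry packet comments
        frame += 1
        caplen = struct.unpack_from("<I", body, 12)[0]
        opt = 20 + caplen + (-caplen % 4)    # options start after padded packet data
        while opt + 4 <= len(body):
            code, length = struct.unpack_from("<HH", body, opt)
            if code == OPT_END:
                break
            if code == OPT_COMMENT:
                out.append((frame, body[opt + 4 : opt + 4 + length].decode("utf-8", "replace")))
            opt += 4 + length + (-length % 4)
    return out

# Constructed sample capture: section header, interface block, three dummy packets.
SAMPLE = (block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
          + block(IDB, struct.pack("<HHI", 1, 0, 65535))
          + epb(b"\x00" * 14) + epb(b"\x01" * 15, "marked: group A")
          + epb(b"\x02" * 60, "marked: group B"))
```

Calling `packet_comments()` on the bytes of a real pcap-ng file that meets the stated assumptions returns the same kind of list, which can then be written out next to other per-packet fields.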