Possible to somehow mark a packet permanently?



As far as I know it is possible to mark packets but as the user guide states the changes will not persist after you close wireshark. I would like to know if anyone has figured out a way to bypass that so that.

Moreover I would like to know if it possible to mark specific packets groups in specific ways/tags/colours. For example, packets

Ideally, at some point I would also like to include this flag at tshark command line and export the marks along with other packet headers into a text file.

Do you think that it might be possible somehow? Any pointers?

Much appreciated.

One Answer:


No that's not possible and the file format pcap-ng does not have an option to do that I think. But adding a packet comment might give you part of what you want q's that can be saved in an pcap-ng file.

