This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can you change the capture format to support the diagnostic process?

0

Would it be feasible to have options to:

  1. Add HOSTS file information that will travel with the PCAP file as it is sent to vendors, etc.
  2. Or, an option to save the file with the current HOSTS file information
  3. Add Summary information on the problem.
  4. Obfuscate IP addresses for confidentiality reasons (modify HOSTS IP information (#1) accordingly)
  5. Add a user-initiated record to mark events in a trace with timestamps and user comment
  6. Add a network trace analyst record to enable permanent highlighting of trace areas with comments

asked 14 Sep '10, 04:36

Gary

edited 14 Sep '10, 10:06

Gerald Combs ♦♦

2 Answers:

2

That's what pcap-ng envisions to provide. Wireshark only supports a limited subset of its features.

answered 14 Sep '10, 04:51

Jaap ♦

Item 4 isn't a capture format issue - you'd want to obfuscate the actual raw packet data, regardless of the capture format. If Wireshark supported putting address-mapping information in pcap-ng captures, you'd also want to either map the obfuscated addresses to the real names or remove the address-mapping information.

(15 Sep '10, 17:02) Guy Harris ♦♦
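
The point made in the comment above, as an added example that is not part of the original thread and is not Wireshark code: addresses are rewritten in the raw IPv4 bytes themselves, and the same mapping is applied to the address-to-name records, or those records are dropped. The key, the function names, the 10.0.0.0/8 pseudonym range, the dict standing in for HOSTS data and the sample packet are all assumptions constructed for illustration.

```python
import hashlib, hmac, ipaddress, struct

KEY = b"constructed-demo-key"  # assumption: secret kept by whoever shares the capture

def pseudonym(addr: bytes, key: bytes = KEY) -> bytes:
    """Map a 4-byte IPv4 address to a stable pseudonym inside 10.0.0.0/8.
    Truncating to 24 bits can collide on large captures; fine for a sketch."""
    return b"\x0a" + hmac.new(key, addr, hashlib.sha256).digest()[:3]

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum; returns 0 when run over a valid header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def obfuscate_ipv4(packet: bytes) -> bytes:
    """Rewrite source and destination in a raw IPv4 packet, then fix the checksum.
    Not handled here: TCP/UDP checksums and addresses carried inside payloads."""
    ihl = (packet[0] & 0x0F) * 4
    hdr = bytearray(packet[:ihl])
    hdr[12:16] = pseudonym(bytes(hdr[12:16]))
    hdr[16:20] = pseudonym(bytes(hdr[16:20]))
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]

def obfuscate_hosts(hosts: dict, keep_names: bool) -> dict:
    """Apply the same mapping to address->name records, or drop them all."""
    if not keep_names:
        return {}
    return {str(ipaddress.IPv4Address(pseudonym(ipaddress.IPv4Address(ip).packed))): name
            for ip, name in hosts.items()}

def build_sample() -> bytes:
    """Constructed 24-byte IPv4 packet using documentation addresses."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0x1234, 0, 64, 253, 0,
                                ipaddress.IPv4Address("192.0.2.10").packed,
                                ipaddress.IPv4Address("198.51.100.7").packed))
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + b"DATA"

if __name__ == "__main__":
    out = obfuscate_ipv4(build_sample())
    print(ipaddress.IPv4Address(out[12:16]), ipaddress.IPv4Address(out[16:20]))
    print(obfuscate_hosts({"192.0.2.10": "db01.example.com"}, keep_names=True))
```

Keeping the names next to pseudonymized addresses still tells the recipient which hosts were involved, so `keep_names=False` is the choice when the names themselves are confidential.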

0

Gary - you can check out pcap-ng information at http://wiki.wireshark.org/Development/PcapNg.

I think you have a great list going!

answered 14 Sep '10, 08:19

lchappell ♦