Wireshark Tips

Visit us on Facebook to track new Tips.

September 10, 2012 Tip: Packet Annotation

tips

Wireshark 1.8.x allows both trace file annotation and packet annotation. That means you can put your comments directly into the trace file or packets, hand the trace file to someone else and the comments are retained and visible to the next viewer.

This feature requires Wireshark 1.8.0 and later and you must save your trace file in pcapng format (the new default trace file format).

When you examine a trace file and note a "packet of interest", simply right click the packet in the Packet List pane and select Edit or Add Packet Comment...

Packet annotations can be seen just above the Frame section in the Packet Detail window. In addition, when you open the Expert there is a new tab - Packet Comments. Click on this tab to see the list of all packet comments in the trace file. Wireshark jumps to that packet in the background. Double-click a packet listed to edit the comment.

This is a great feature!

Other Sites

New Wireshark 101

wireshark_book

Wireshark 101: Essential Skills for Network Analysis includes 46 hands-on labs and details on the most important tasks to master.

 

The Wireshark Book

wireshark_book

Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide - Second Edition.

 

Available in hardcopy and Kindle formats through Amazon. For more information, visit wiresharkbook.com.


The Wireshark logo and trademark belong to Riverbed Corporation.