 | 1 | initial version |
Those fields are synthesised or inferred by the Wireshark dissector library from the traffic in the capture file and denoted as such by having "[]" around them and so cannot be saved in a pcap as that only contains the traffic as transmitted (along with some other met-information about the capture interfaces etc.).
Any recipient of the capture file can open it in their copy of Wireshark and see the same information (as long as their version of Wireshark calculates or infers the fields in the same way, we do change things occasionally).
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
