 | 1 | initial version |
I also can't seem to access the packet comment layer outside of wireshark either.
"Outside of Wireshark" in what sense?
If you mean "outside the Wireshark application", then TShark, which is part of the Wireshark release but is a separate program from the Wireshark application (although it's build atop the same file reading and packet dissection libraries that Wireshark is), can display them. tshark -V will display them, and, as comments for a frame are shown as the named field frame.comment, you can use tshark -T fields -e to display them, and they also show up in tshark -T pdml, tshark -T json, and tshark -T ek.
If you mean "outside the Wireshark release", I don't know what non-Wireshark software directly understands pcapng (rather than just using standard libpcap - with can read some pcapng files, but just shows it with the same API it uses for pcap, and thus throws away additional information such as comments) and displays comments.
| | 2 | No.2 Revision |
I also can't seem to access the packet comment layer outside of wireshark either.
"Outside of Wireshark" in what sense?
If you mean "outside the Wireshark application", then TShark, which is part of the Wireshark release but is a separate program from the Wireshark application (although it's build atop the same file reading and packet dissection libraries that Wireshark is), can display them. tshark -V will display them, and, as comments for a frame are shown as the named field frame.comment, you can use tshark -T fields -e to display them, and they also show up in tshark -T pdml, tshark -T json, and tshark -T ek.
If you mean "outside the Wireshark release", I don't know what non-Wireshark software directly understands pcapng (rather than just using standard libpcap - with which can read some pcapng files, but just shows it supplies its packets with the same API it uses for pcap, and thus throws away additional information such as comments) and displays comments.
| | 3 | No.3 Revision |
I also can't seem to access the packet comment layer outside of wireshark either.
"Outside of Wireshark" in what sense?
If you mean "outside the Wireshark application", then TShark, which is part of the Wireshark release but is a separate program from the Wireshark application (although it's build atop the same file reading and packet dissection libraries that Wireshark is), can display them. tshark -V will display them, and, as comments for a frame are shown as the named field frame.comment, you can use tshark -T fields -e to display them, and they also show up in tshark -T pdml, tshark -T json, and tshark -T ek. output.
If you mean "outside the Wireshark release", I don't know what non-Wireshark software directly understands pcapng (rather than just using standard libpcap - which can read some pcapng files, but just supplies its packets with the same API it uses for pcap, and thus throws away additional information such as comments) and displays comments.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
