 | 1 | initial version |
You can use tshark to export the comments:
$ tshark -nl -r ~/Wireshark/TCP-QA/TCP-QA-001.pcapng -Y frame.comment -T fields -e frame.number -e frame.comment
55 [20200406 Sake 3.2.2]\nThis frame is correctly marked as "out-of-order"
61 [20200405 Sake 3.2.2] ERROR\nThis should be marked as "out-of-order" as the per the ip.id it was sent after frame 55\n\nAlso, as the iRTT is ~150ms this frame could not have been a fast-retransmission as the DUP-ACKs have not reached the server yet.\n\nAlso, there have not been 3 DUP-ACKs for 49820 yet\n
[...]
$
In a comment above you mention pyshark. I'm not familiar with pyshark, so I don't know about it's capabilities. As packet comments are special blocks in a pcapng file, you will need to look for tools that are able to read those blocks. As @Guy Harris already mentions, a lot of tools just access the packets without accessing the extra information blocks in a pcanng file. So maybe using tshark is your best bet...
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.