Ask Your Question
0

Saving marked packets

asked 2020-05-05 08:46:03 +0000

Lamolna gravatar image

Dears,

Are there any methods to save the .pcap file so that all the marked packets remain marked even Wireshark is closed then restarted, file reopened? This could save some time when investigation is to continue, so that no need to find and mark the important packets again, etc. Thank you!

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-05-05 10:20:54 +0000

SYN-bit gravatar image

Not by marking them, but if you add a packet-comment to each frame that you would have marked, those comments will be saved (if you save in pcapng format, which has been the default since version 1.8).

You can then filter on frames with a comment by using the filter frame.commentor search within your comments with the filter frame.comment contains "test"

edit flag offensive delete link more

Comments

Thanks for your quick feedback and information! Ok, so basically by this we can list (and in case mark again) the previously marked packets after e.g. file reopening. Just it might be a bit time consuming as for every single packets one need to add packet comment, but at least it works if situation requires so!

Lamolna gravatar imageLamolna ( 2020-05-05 11:27:57 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2020-05-05 08:46:03 +0000

Seen: 2,446 times

Last updated: May 05 '20