I need to add 2 different comments to a specific frame. I'm using editcap command . The problem is that when I try to do this:
editcap -a "1:comment1" -a "1:comment2"
only the second comment appears.
Is there a way to add 2 comments to one frame?
It is possible to add multiple comments to a frame with editcap, but each additional comment must be added as new editcap command.
% tshark -V -r my.pcapng
Frame 1: 1399 bytes on wire (11192 bits), 1399 bytes captured (11192 bits) on interface eth0, id 0
...
% editcap -a "1:My 1st comment for frame 1" my.pcapng my.pcapng-1
% editcap -a "1:My 2nd comment for frame 1" my.pcapng-1 my.pcapng-2
% tshark -V -r my.pcapng-2
Packet comments
My 1st comment for frame 1
[Expert Info (Comment/Comment): My 1st comment for frame 1]
[My 1st comment for frame 1]
[Severity level: Comment]
[Group: Comment]
My 2nd comment for frame 1
[Expert Info (Comment/Comment): My 2nd comment for frame 1]
[My 2nd comment for frame 1]
[Severity level: Comment]
[Group: Comment]
Frame 1: 1399 bytes on wire (11192 bits), 1399 bytes captured (11192 bits) on interface eth0, id 0
...
Adding multiple frame comments using editcap doesn't seem to be currently supported.
Please raise an issue at the Wireshark GitLab issues list, options to consider are:
Related (closed) issue: 12007: editcap packet comment won't add multiple comments
Asked: 2022-07-10 10:19:41 +0000
Seen: 266 times
Last updated: Jul 10 '22
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
