Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: Comment your Packet Captures - Extra! - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Comment your Packet Captures - Extra!

Xavier has an excellent tip for Wireshark users: Comment your Packet Captures!

In his diary entry, Xavier advises you to add comments to individual packets.

 

You can also add a global comment to your capture file. Go to Statistics / Capture File Properties:

You can add a comment to the capture file in the displayed dialog box:

Of course, you need to use the pcapng file format to save comments. The pcap format does not support this:

 

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com

DidierStevens

281 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!