Wireshark mailing list archives

Re: Newbee - propose Splat Button


From: Graham Bloice <graham.bloice () trihedral com>
Date: Thu, 7 May 2020 18:05:11 +0100

On Thu, 7 May 2020 at 17:48, Bob Gustafson <bobgus () rcn com> wrote:

Thanks Jaap.

I am on Fedora31. When I hit Edit->Mark Packet, nothing happens - no
mark... Ahh, when I move cursor off packet to be marked, I see marked
packet as white on black rather than white on blue.

The functionality I'm looking for is to actually store the user button
(splat) in the saved file. But maybe I don't need that if I just keep
Wireshark open on my screen. Also, other users may use the saved file
for other purposes - parse and act. Having a splat actually in the saved
file might not be so good. But then, those folks probably would not be
looking at the screen anyway.

I will do my experiments again (and again) and use the Mark feature. It
may be good enough.

Thanks much - BobG

On 5/7/20 11:08 AM, Jaap Keuter wrote:
Hi Bob,

Good to hear the program is helpful for your quest.

As for your purpose, does the ‘Mark Packet’ feature do the trick? Select
a packet from the list, hit ⌘M (on macOS) / probably Ctrl+M (on others).
You can also find the option in the Edit menu. Unfortunately these marks
are not (yet) saved to the capture file, but remain as long as the capture
is loaded.

Hope it helps,
Jaap


On 7 May 2020, at 17:43, Bob Gustafson <bobgus () rcn com> wrote:

Hi list

I'm in the process of working through the initial boot of a new box, a
new os (coreos), and a new (to me) iPXE.

It is a trial and error process for me - my coding is a bit sloppy and
I don't read all of the instructions the first time around.

Wireshark has been very helpful: as the boot process is between the new
box and a host (Fedora31), I can see all of the successes and failures that
hit the net.

-----

To increase my visibility, rather than using a boot script, I am keying
in the boot steps by hand (kernel, initrd, ...) and then observing the
results on my minicom screen and on wireshark.

This is a long process (given my errors..).

I can copy the lines on my minicom screen and copy the lines from
wireshark for subsequent inspection with a cup of coffee.

It would really be nice if I could mouse over to the Wireshark window
during my actions and click on a special BUTTON, which would enter a blank
(or default or TBD text) into a new line on the Wireshark packet transcript
window. The SPLAT.

Then, when I look at the minicom save, and the wireshark save, I can
see roughly what I did at various places in time without having to ponder
the Time column in wireshark.

Thanks for your attention, keep safe, wash hands

Bob Gustafson



There's also the ability to add a free-format textual comment to each
packet.  Right click a packet in the list and choose "Packet Comment...",
shortcut keys appropriate for your OS will be available.  Comments are
saved with the file.

Unfortunately, packet comments don't show up until you save the file and
reload it; this might be worthy of a bug.

-- 
Graham Bloice
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users