Wireshark mailing list archives
Annotating capture files and/or pcap pre-processing
From: Jouni Malinen <jkmalinen () gmail com>
Date: Fri, 12 Nov 2010 01:55:31 +0200
Is there any recommended way of annotating capture files in a way that Wireshark could display in a nice way on the UI? I would like to be able to insert text comments between frames and it would also be nice to be able to add expert info entries. So far, I've been using a dummy frame that I generate in the driver with some bogus headers and ASCII text. Sure, the information is available in Wireshark, but it is not exactly in a user-friendly format.

As a new use case, I'm working on a protocol analyzer that goes through IEEE 802.11 frames and maintains similar state to what the actual devices have internally to allow most parts of the protocol use to be verified. In theory, something similar could be done in packet-ieee80211.c and airpdcap, but at least for me, it is quite a bit easier to work with an external tool. However, the main drawback of that is lack of easy access to marking up the capture with annotation regarding incorrect protocol use (i.e., something that should fit in quite nicely with Wireshark expert info, I'd think) and other comments.

There is an open bugzilla case (Bug 3096) on similar functionality from a couple of years ago. Has there been any progress on this since then? Is pcap-ng likely to materialize any time soon? Would there be other ways of doing this more quickly?

Since I'm concentrating on IEEE 802.11 captures with radiotap headers, I would assume I could extend that with a vendor-specific extension etc. to mark the annotations (and expert info entries?). Sure, it may not be applicable to all link types, but it may be better than waiting for years for something nicer to show up.

Would patches to add some kind of annotations using radiotap extensions or some other vendor-specific protocol extensions (e.g., Vendor-specific IEEE 802.11 Action frame, etc. that has a unique identifier since I would assign an OUI/sub-type for this purpose) be accepted?
- Jouni