I sometimes have cause to send captures, or fragments of captures to
others for discussion. The ubiquity of Wireshark/Ethereal is a real boon
here, as is the standard pcap format. However I often wish to annotate the
captures, to highlight an issue, or indicate what external events
correspond to what in the trace, or even simply to explain some point
about the trace to successors reading it.
Suggestion. Is it feasible to create an "annotation" pseudo protocol and
supporting functionality in Wireshark, such that such comments could be
added to the capture, saved with the capture as if part of the trace, and
be available to Wireshark or other tools on subsequent opening of the
capture file? Or does something of this nature already exist, and I've
missed it?
I'll happily add a wiki entry for the suggestion the list considers it to
have some merit. I understand that it implies registering the pseudo
protocol with pcap.
And I realise there may be some reluctance to adding effusively a simple
text editor to Wireshark. Could this functionality call out to an external
editor perhaps?
Cheers Harry Moyes