Hi,
Spending some time on the basics for this I have a couple of questions on how to proceed.
Live captures:
- To annotate a capture when we start it we would have to fill in pcapngs Section Header Blocks (SHB) option comment. This has to be done trough dumpcap -right?
In order to do that a new argument is needed Use -C "This capture was made to prove that annotating captures work"?
Where to put the GUI stuff for it?
- It cold be nice to have a permanent comment attached to an interface, fits in the Interface Description Blocks(IDB) comment field, does this also require an option to dumpcap?
For example: "Captures of the mirror interface of XXX".
At least for windows it should be possible to add if_speed to the IDB as well.
Any one interested in doing parts of this?
Regards
Anders