On Feb 22, 2012, at 9:05 AM, Anders Broman wrote:
> Spending some time on the basics for this I have a couple of questions on how to proceed.
>
> Live captures:
> - To annotate a capture when we start it we would have to fill in pcapngs Section Header Blocks (SHB) option comment. This has to be done trough dumpcap -right?
Or, in Wireshark, through an option to annotate the capture after you've made it; File -> Save would be activated, and it'd write out a new version of the file with a comment option in the SHB.
> In order to do that a new argument is needed Use -C "This capture was made to prove that annotating captures work"?
> Where to put the GUI stuff for it?
For annotating the capture when you make the capture, I'd have a field in the Capture Options dialog, activated if the capture is being done as a pcap-NG file rather than a pcap file.
> - It cold be nice to have a permanent comment attached to an interface, fits in the Interface Description Blocks(IDB) comment field, does this also require an option to dumpcap?
...and, in Wireshark, a dialog of some sort to let you add comments and save the capture out.