Hi,
A couple of ideas:
- Extend the pcapng specification with a new block type or add an option or use a custom block.
- Use the Exported PDU datalink type and add new tags for the meta info you need.
- Use packet comments.
For the first 2 options you should commit the new code to the Wireshark project.
Regards
Anders
Dear Wireshark hackers,
I’m looking for ways to embed custom metadata in a pcapng file. Ideally, it should be possible to examine the metadata in sufficiently recent Wireshark without installing custom extensions.
Context: EMnify offers a cloud connectivity platform for IoT devices. A client can request a packet capture for troubleshooting purposes. The capture is delivered as a pcapng file. We’d like to include additional metadata, e.g. the reason a packet is being dropped; e.g. external port and IP address the packet will assume after traversing NAT.
TRB Protocol [1] looks promising. Unfortunately, it looks like is has never shipped. Could anyone shed some light on its fate? Any chance it will ship this year?
Finally, if there are other ways to embed and display custom metadata in Wireshark besides TRB Protocol, I will appreciate the pointer.
Best,
N
[1] https://wiki.wireshark.org/TRB-Protocol
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe