[Benjamin Mixon-Baca <bmixonba@xxxxxxx>]

Hello,

I am writing a tool that processes pcap/pcapng files and extracts metadata about packets, such as the frequency of specific bytes, and information about specific byte sequences. Is there a way for me to integrate this into a pcap/pcapng file such that when wireshark reads the pcap file, my metadata gets displayed somehow? As an example, imagine I have a packet such as

|   ip  | tcp |  payload
-------------------------------------

|        |       |  "client_ip=X.X.X.X"
.
.
.
|        |       |  "client_ip=Y.Y.Y.Y"

I want to be able to somehow highlight and/or annotate the string "client_ip" with, e.g., the number of times this string occurs. Is there a way to accomplish this using pcapng extensions or custom block types in some way?

Thank you in advance for your replies.

Regards,

Ben Mixon-Baca