Ignore this if you are doing post edits to a capture.
Otherwise, I have used netcat - nc on some systems - during test
automation to insert test sequence delimiters, and then decode the
frames as telnet. So, a server would run 'while [ 1 ]; do netcat -lp
6200; done' and the test script would run 'echo "something is about to
happen" | netcat <server-ip> 6200'. Both netcat sessions - the endless
loop and the delimiter - can be run on the same machine as the sniffer -
Wireshark.
Regards,
Charles Donaldson
charlesdonaldson@xxxxxxxxxxxx
-----Original Message-----
From: Gerald Combs [mailto:gerald@xxxxxxxxxxxxx]
Sent: Wednesday, November 19, 2008 12:03 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] embed comments and notes into trace?
Alan Jay Weiner wrote:
> Does anyone know of a protocol I can use in this way? It seems to me
> I remember something like this, but I'll be darned if I can find it
> now. I can mis-use something - send a DNS query to "starting doing
> something-or-other" but the info line will have other cruft on it
> ("standard query A starting doing something-or-other").
Instead of using a dummy protocol, you might want to use a file format
that lets you add comments directly to packets, such as pcap-ng:
http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html
http://wiki.wireshark.org/Development/PcapNg
Experimental support is currently in Wireshark, in wiretap/pcapng.[ch].
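
An added example, not part of the original thread and not Wireshark code: a minimal little-endian pcapng writer that attaches a comment to one packet through the opt_comment option of an Enhanced Packet Block, plus a reader that pulls the comments back out. The block layout follows the pcapng specification; the function names, the sample frame and the timestamps are made up here for illustration.

```python
import struct

def _pad(data):
    return data + b"\x00" * (-len(data) % 4)   # blocks and options align to 32 bits

def _block(block_type, body):
    total = 12 + len(body)                     # type + two copies of the total length
    return struct.pack("<II", block_type, total) + body + struct.pack("<I", total)

def _comment_option(text):
    raw = text.encode("utf-8")                 # opt_comment = 1, then opt_endofopt = 0
    return struct.pack("<HH", 1, len(raw)) + _pad(raw) + struct.pack("<HH", 0, 0)

def build_capture(packets):
    """packets: (timestamp_usec, frame_bytes, comment_or_None) tuples -> pcapng bytes."""
    # Section Header Block: byte-order magic, version 1.0, section length unknown (-1)
    out = _block(0x0A0D0D0A, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
    # Interface Description Block: LINKTYPE_ETHERNET (1), reserved, snaplen
    out += _block(1, struct.pack("<HHI", 1, 0, 65535))
    for ts, frame, comment in packets:
        body = struct.pack("<IIIII", 0, ts >> 32, ts & 0xFFFFFFFF, len(frame), len(frame))
        body += _pad(frame) + (_comment_option(comment) if comment else b"")
        out += _block(6, body)                 # Enhanced Packet Block
    return out

def read_comments(data):
    """Return [(packet_index, comment)] for little-endian files as built above."""
    found, pos, index = [], 0, 0
    while pos + 12 <= len(data):
        block_type, total = struct.unpack_from("<II", data, pos)
        if total < 12:
            break                              # corrupt length; stop rather than loop
        if block_type == 6:
            cap_len = struct.unpack_from("<I", data, pos + 20)[0]
            opt = pos + 28 + cap_len + (-cap_len % 4)
            while opt + 4 <= pos + total - 4:  # options end before trailing length
                code, length = struct.unpack_from("<HH", data, opt)
                if code == 0:
                    break
                if code == 1:
                    found.append((index, data[opt + 4:opt + 4 + length].decode("utf-8")))
                opt += 4 + length + (-length % 4)
            index += 1
        pos += total
    return found

FRAME = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + b"\x88\xb5" + b"test"  # constructed
SAMPLE = build_capture([(1_000_000, FRAME, None), (2_000_000, FRAME, "test case 7 starts here")])
print(read_comments(SAMPLE))
```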