Re: Annotation(comments) of captures and interfaces (pcapng).

[Guy Harris <guy () alum mit edu>]

On Feb 22, 2012, at 9:05 AM, Anders Broman wrote:

> Spending some time on the basics for this I have a couple of questions on how to proceed.
>  
> Live captures:
> - To annotate a capture when we start it we would have to fill in pcapngs Section Header Blocks (SHB) option comment. 
> This has to be done trough dumpcap -right?

Or, in Wireshark, through an option to annotate the capture after you've made it; File -> Save would be activated, and 
it'd write out a new version of the file with a comment option in the SHB.

>   In order to do that a new argument is needed Use -C "This capture was made to prove that annotating captures work"?
>   Where to put the GUI stuff for it?

For annotating the capture when you make the capture, I'd have a field in the Capture Options dialog, activated if the 
capture is being done as a pcap-NG file rather than a pcap file.
 
> - It cold be nice to have a permanent comment attached to an interface, fits in the Interface Description Blocks(IDB) 
> comment field, does this also require an option to dumpcap?

...and, in Wireshark, a dialog of some sort to let you add comments and save the capture out.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe