Wireshark mailing list archives

Re: Newbee - propose Splat Button


From: Bob Gustafson <bobgus () rcn com>
Date: Thu, 7 May 2020 12:47:14 -0500

On 5/7/20 12:05 PM, Graham Bloice wrote:



On Thu, 7 May 2020 at 17:48, Bob Gustafson <bobgus () rcn com> wrote:

    Thanks Jaap.

    I am on the Fedora31. When I hit Edit->Mark Packet, nothing happens - no
    mark... Ahh, when I move cursor off packet to be marked, I see marked
    packet as white on black rather than white on blue.

    The functionality I'm looking for is to actually store the user button
    (splat) in the saved file. But maybe I don't need that if I just keep
    Wireshark open on my screen. Also, other users may use the saved file
    for other purposes - parse and act. Having a splat actually in the saved
    file might not be so good. But then, those folks probably would not be
    looking at the screen anyway.

    I will do my experiments again (and again) and use the Mark feature. It
    may be good enough.

    Thanks much - BobG

    On 5/7/20 11:08 AM, Jaap Keuter wrote:
    > Hi Bob,
    >
    > Good to hear the program is helpful for your quest.
    >
    > As for your purpose, does the ‘Mark Packet’ feature do the trick?
    > Select a packet from the list, hit ⌘M (on macOS) / probably Ctrl+M
    > (on others). You can also find the option in the Edit menu.
    > Unfortunately these marks are not (yet) saved to the capture file,
    > but remain as long as the capture is loaded.
    >
    > Hope it helps,
    > Jaap
    >
    >
    >> On 7 May 2020, at 17:43, Bob Gustafson <bobgus () rcn com> wrote:
    >>
    >> Hi list
    >>
    >> I'm in the process of working through the initial boot of a new
    >> box, a new os (coreos), and a new (to me) iPXE.
    >>
    >> It is a trial and error process for me - my coding is a bit
    >> sloppy and I don't read all of the instructions the first time around.
    >>
    >> Wireshark has been very helpful as the boot process is between
    >> the new box and a host (Fedora31) I can see all of the successes
    >> and failures that hit the net.
    >>
    >> -----
    >>
    >> To increase my visibility, rather than using a boot script, I
    >> am keying in the boot steps by hand (kernel, initrd, ...) and then
    >> observing the results on my minicom screen and on wireshark.
    >>
    >> This is a long process (given my errors..).
    >>
    >> I can copy the lines on my minicom screen and copy the lines
    >> from wireshark for subsequent inspection with a cup of coffee.
    >>
    >> It would really be nice if I could mouse over to the Wireshark
    >> window during my actions and click on a special BUTTON, which
    >> would enter a blank (or default or TBD text) into a new line on
    >> the Wireshark packet transcript window. The SPLAT.
    >>
    >> Then, when I look at the minicom save, and the wireshark save,
    >> I can see roughly what I did at various places in time without
    >> having to ponder the Time column in wireshark.
    >>
    >> Thanks for your attention, keep safe, wash hands
    >>
    >> Bob Gustafson
    >>


There's also the ability to add a free-format textual comment to each packet.  Right click a packet in the list and choose "Packet Comment...", shortcut keys appropriate for your OS will be available.  Comments are saved with the file.

Unfortunately packet comments don't show up until you save the file and reload it, this might be worthy of a bug.

--
Graham Bloice

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
              mailto:wireshark-users-request () wireshark org?subject=unsubscribe


Ok, cool, I will check it out. However, the fact that it does not show in the current window, but only in the saved file would mean I would have to save and then look at it later (like I originally proposed..). I'm thinking that the Mark Packet command is probably going to be all I need.

If there were a combination feature which would show immediately and stick for the saved file - that of course would be the best of both worlds. The SaveAndShowLater is good for (eventual) documentation of what happened.

Thanks much - BobG
