Wireshark Annotation

One of the toughest things to do when analyzing packets is documentation.

I rely on my Tracefile Workbook to make notes when I need to reference a specific packet or event.

Wireshark added a pretty cool feature to help with this process, called Annotation. There are two types of annotation: File and Packet.

The File annotation lets you make notes about the trace file itself. Good items to record include the test environment, the use of SPAN ports, what is being tested, and a description of the issue.

The Packet annotation lets you make notes on specific packets. For example, you might want to make a note on the packet that caused the application error, or mark the packet that represents when the client clicked submit.

As I mentioned in the video, the key here is to make sure you use the proper file extension of pcapng to retain these notes.
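To show where these notes live in a pcapng file, here is an added example (not from the original post or from Wireshark) that reads the comment option from the Section Header Block (file annotation) and from Enhanced Packet Blocks (packet annotations). It assumes a little-endian capture whose packets are all Enhanced Packet Blocks; `sample_capture()` builds a constructed two-packet file so the parser has something to read.

```python
import struct

SHB, IDB, EPB, OPT_COMMENT, MAGIC = 0x0A0D0D0A, 1, 6, 1, 0x1A2B3C4D

def _options(buf):
    """Yield (code, value) pairs from a pcapng option list."""
    pos = 0
    while pos + 4 <= len(buf):
        code, length = struct.unpack_from("<HH", buf, pos)
        if code == 0:                      # opt_endofopt
            return
        yield code, buf[pos + 4:pos + 4 + length]
        pos += 4 + length + (-length % 4)  # values are padded to 32 bits

def read_comments(data):
    """Return (file_comments, {packet_number: [comments]}) from pcapng bytes."""
    if data[:4] != struct.pack("<I", SHB) or data[8:12] != struct.pack("<I", MAGIC):
        raise ValueError("not little-endian pcapng; classic pcap cannot hold comments")
    file_notes, packet_notes, pos, pkt_no = [], {}, 0, 0
    while pos + 12 <= len(data):
        btype, total = struct.unpack_from("<II", data, pos)
        if total < 12 or pos + total > len(data):
            raise ValueError("truncated or corrupt block")
        body, opts = data[pos + 8:pos + total - 4], b""
        if btype == SHB:
            opts = body[16:]               # skip magic, version, section length
        elif btype == EPB:
            pkt_no += 1
            caplen = struct.unpack_from("<I", body, 12)[0]
            opts = body[20 + caplen + (-caplen % 4):]  # skip header + padded data
        for code, value in _options(opts):
            if code == OPT_COMMENT:
                notes = file_notes if btype == SHB else packet_notes.setdefault(pkt_no, [])
                notes.append(value.decode("utf-8", "replace"))
        pos += total
    return file_notes, packet_notes

def _block(btype, body):
    total = len(body) + 12
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)

def _comment(text):
    raw = text.encode()
    return struct.pack("<HH", OPT_COMMENT, len(raw)) + raw + b"\0" * (-len(raw) % 4 + 4)

def sample_capture():
    """Constructed two-packet pcapng: a file comment and a comment on packet 2."""
    epb = lambda opts: _block(EPB, struct.pack("<5I", 0, 0, 0, 6, 6) + b"\xaa" * 6 + b"\0\0" + opts)
    shb = struct.pack("<IHHq", MAGIC, 1, 0, -1) + _comment("Lab test, SPAN port")
    return _block(SHB, shb) + _block(IDB, struct.pack("<HHI", 1, 0, 65535)) + epb(b"") + epb(_comment("client clicked submit"))
```

Running `read_comments` on a file saved as classic pcap raises `ValueError`, which makes it a quick check that a trace still carries its notes before you archive or share it.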

