Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Annotating capture files and/or pcap pre-processing

From: Hadriel Kaplan <HKaplan@xxxxxxxxxxxxxx>
Date: Fri, 12 Nov 2010 00:35:25 -0500
On Nov 11, 2010, at 8:45 PM, Guy Harris wrote:

> On Nov 11, 2010, at 5:27 PM, Hadriel Kaplan wrote:
> 
>> If you do it, please make it agnostic to the file format, or at least easy to patch for other file formats.  Wireshark supports reading/writing multiple file formats, some of which also support per-packet comments,
> 
> Which ones other than the current version of Network Monitor format support per-packet comments?

A proprietary one my company uses that we recently added a wiretap reader for (and plan to submit a patch for as soon as we're more sure we've got its bugs out).
And I've been talking to some folks about adding it for IPFIX files (as well as a magic file header).

But I was also thinking some of the other ascii file formats which have things like software version and other show command type output could be saved into a comment at the top of the file. 

And in some weird ways, any ascii-formatted file formats could in theory be commented by a human through a text editor, and as long as they put the comment in some common delimited way defined by the wiretap reader for that file type, it would allow displaying in wireshark. (Which is kinda a weird thought)

-hadriel