Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Comment your Packet Captures - Extra! - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Comment your Packet Captures - Extra!

Xavier has an excellent tip for Wireshark users: Comment your Packet Captures!

In his diary entry, Xavier advises you to add comments to individual packets.


You can also add a global comment to your capture file. Go to Statistics / Capture File Properties:

You can add a comment to the capture file in the displayed dialog box:

Of course, you need to use the pcapng file format to save comments. The pcap format does not support this:


Didier Stevens
Microsoft MVP Consumer Security


652 Posts
ISC Handler
Jan 29th 2018

Sign Up for Free or Log In to start participating in the conversation!