Re: [Wireshark-users] Newbee - propose Splat Button

2020-05-08 Thread Maynard, Chris via Wireshark-users
Nice, I’m glad the information was helpful to you.

Personally, I prefer the syslog message for my marker because I find it useful 
to be able to tailor the message for each specific test, as in “CM: About to 
test ABC feature …” or “CM: Rx’d response to ABC request; now testing XYZ …”, 
etc., whereas with ping, you just get the same, generic payload for every ICMP 
echo request packet.  I find the syslog messages to be more unique and stick 
out more in a capture file too, whereas ICMP is more common to see, so 
filtering for “icmp” could also filter traffic unrelated to your markers, but I 
almost never see syslog traffic in my traces.

But whatever works for you; that’s the important thing.  If you are going to 
use ICMP packets as your markers though, then you might want to consider using 
a non-standard payload size, or making use of the “-p pattern” or possibly 
other options, as that will help your marker packets stand out from other ICMP 
echo request/reply packets that might be in your trace.

- Chris


From: Wireshark-users  On Behalf Of Bob 
Gustafson
Sent: Friday, May 8, 2020 2:23 PM
To: wireshark-users@wireshark.org
Subject: Re: [Wireshark-users] Newbee - propose Splat Button


I went ahead with the Lua splat button and I have it working  (!!)

I used the 2nd batch of code shown below with the following changes:
-- Choose a command; here are a couple of examples:
--local cmd = "echo " .. win:get_text() .. "| nc -w 1 -u 1.1.1.1 514"
local cmd = "ping -c 1  192.168.50.56"


The documentation wasn't totally clear on whether a file 'init.lua' should be 
used or where it should go.

I finally figured out that my splat.lua file could go into 
~/.local/lib/wireshark/plugins/splat.lua

Wireshark then needs to be restarted and I can find a command 'Marker' in the 
Tools menu at the top of the Wireshark window.

The 'ping' command results in two lines - the request and the reply.

The 'nc' command worked too - only one line in wireshark output, but also a 
'Port unreachable' line following.

Thanks much for the chance to fool around a bit. Stay safe.

BobG
On 5/7/20 12:57 PM, Bob Gustafson wrote:

Super - thanks much. With code too!

Now, should I play with this new button Tool, or debug my coreos boot script...

Best regards - BobG
On 5/7/20 12:38 PM, Maynard, Chris via Wireshark-users wrote:
It seems like the desired functionality is to inject a "marker" packet into the 
capture?  If so, you could use an external program, something like ping or nc, 
to do that.  I tend to use a separate script for this, something such as:

#!/bin/sh

if [ "$#" -lt 1 ]
then
    echo "Usage: $0 <message> [host]"
    exit 0
fi

if [ "$#" -lt 2 ]
then
    # Send a syslog message $1 to host 1.1.1.1
    echo "${1}" | nc -w 1 -u 1.1.1.1 514
else
    # Send a syslog message $1 to the host $2
    echo "${1}" | nc -w 1 -u "${2}" 514
fi

However, if you want something like this integrated with Wireshark, then it is 
possible with Lua.  Here’s a sample “proof-of-concept” Lua script that will 
send a packet whenever you click the send button.  I successfully tested this 
on Windows (with Cygwin tools installed for nc), but I did need to run 
Wireshark as an administrator for this to work.  I’ve illustrated two commands, 
ping and nc, but you can tailor it however you wish.  Here’s the contents of 
the marker.lua file that you can experiment with:

if not gui_enabled() then
    return
end

local count = 1

local function marker_window()

    local win = TextWindow.new("Marker");
    win:set("Marker " .. count)

    win:add_button("Send", function()

        -- Choose a command; here are a couple of examples:
        local cmd = "echo " .. win:get_text() .. "| nc -w 1 -u 1.1.1.1 514"
        --local cmd = "ping -n 1 -l 100 1.1.1.1"

        os.execute (cmd)
        count = count + 1
        win:set("Marker " .. count)
    end)

end
register_menu("Marker", marker_window, MENU_TOOLS_UNSORTED)

You can call it splat.lua and rename “Marker” to “Splat” if you prefer that.  
The file should be stored in your Wireshark plugins directory.  If Wireshark is 
running, you’ll need to restart it.  Refer to 
https://wiki.wireshark.org/Lua/Examples#dialogs_and_TextWindows for more 
information or to the Lua section of the Wireshark Developer’s Guide: 
https://www.wireshark.org/docs/wsdg_html_chunked/wslua_menu_example.html.

Hope it helps.
- Chris

-Original Message-
From: Wireshark-users On Behalf Of Bob Gustafson
Sent: Thursday, May 7, 2020 12:48 PM
To: wireshark-users@wireshark.org; Jaap Keuter
Subject: Re: [Wireshark-users] Newbee - propose Splat Button

Thanks Jaap.

I am on the Fedora31. When I hit Edit->Mar

Re: [Wireshark-users] Newbee - propose Splat Button

2020-05-08 Thread Bob Gustafson

I went ahead with the Lua splat button and I have it working (!!)

I used the 2nd batch of code shown below with the following changes:

    -- Choose a command; here are a couple of examples:
    --local cmd = "echo " .. win:get_text() .. "| nc -w 1 -u 1.1.1.1 514"
    local cmd = "ping -c 1 192.168.50.56"

The documentation wasn't totally clear on whether a file 'init.lua' 
should be used or where it should go.


I finally figured out that my splat.lua file could go into 
~/.local/lib/wireshark/plugins/splat.lua


Wireshark then needs to be restarted and I can find a command 'Marker' 
in the Tools menu at the top of the Wireshark window.


The 'ping' command results in two lines - the request and the reply.

The 'nc' command worked too - only one line in wireshark output, but 
also a 'Port unreachable' line following.


Thanks much for the chance to fool around a bit. Stay safe.

BobG

On 5/7/20 12:57 PM, Bob Gustafson wrote:


Super - thanks much. With code too!

Now, should I play with this new button Tool, or debug my coreos boot 
script...


Best regards - BobG

On 5/7/20 12:38 PM, Maynard, Chris via Wireshark-users wrote:
It seems like the desired functionality is to inject a "marker" 
packet into the capture?  If so, you could use an external program, 
something like /ping/ or /nc/, to do that.  I tend to use a separate 
script for this, something such as:

#!/bin/sh

if [ "$#" -lt 1 ]
then
    echo "Usage: $0 <message> [host]"
    exit 0
fi

if [ "$#" -lt 2 ]
then
    # Send a syslog message $1 to host 1.1.1.1
    echo "${1}" | nc -w 1 -u 1.1.1.1 514
else
    # Send a syslog message $1 to the host $2
    echo "${1}" | nc -w 1 -u "${2}" 514
fi

However, if you want something like this integrated with Wireshark, 
then it is possible with Lua.  Here’s a sample “proof-of-concept” Lua 
script that will send a packet whenever you click the send button.  I 
successfully tested this on Windows (with Cygwin tools installed for 
/nc/), but I did need to run Wireshark as an administrator for this 
to work.  I’ve illustrated two commands, /ping/ and /nc/, but you can 
tailor it however you wish.  Here’s the contents of the marker.lua 
file that you can experiment with:

if not gui_enabled() then
    return
end

local count = 1

local function marker_window()
    local win = TextWindow.new("Marker");
    win:set("Marker " .. count)

    win:add_button("Send", function()
        -- Choose a command; here are a couple of examples:
        local cmd = "echo " .. win:get_text() .. "| nc -w 1 -u 1.1.1.1 514"
        --local cmd = "ping -n 1 -l 100 1.1.1.1"

        os.execute (cmd)
        count = count + 1
        win:set("Marker " .. count)
    end)
end
register_menu("Marker", marker_window, MENU_TOOLS_UNSORTED)

You can call it splat.lua and rename /“Marker”/ to /“Splat”/ if you 
prefer that.  The file should be stored in your Wireshark plugins 
directory.  If Wireshark is running, you’ll need to restart it.  
Refer to 
_https://wiki.wireshark.org/Lua/Examples#dialogs_and_TextWindows_ for 
more information or to the Lua section of the Wireshark Developer’s 
Guide: 
_https://www.wireshark.org/docs/wsdg_html_chunked/wslua_menu_example.html_.

Hope it helps.
- Chris
-Original Message-
From: Wireshark-users  On 
Behalf Of Bob Gustafson

Sent: Thursday, May 7, 2020 12:48 PM
To: wireshark-users@wireshark.org; Jaap Keuter 
Subject: Re: [Wireshark-users] Newbee - propose Splat Button
Thanks Jaap.
I am on the Fedora31. When I hit Edit->Mark Packet, nothing happens - 
no mark... Ahh, when I move cursor off packet to be marked, I see 
marked packet as white on black rather than white on blue.

The functionality I'm looking for is to actually store the user button
(splat) in the saved file. But maybe I don't need that if I just keep 
Wireshark open on my screen. Also, other users may use the saved file 
for other purposes - parse and act. Having a splat actually in the 
saved file might not be so good. But then, those folks probably would 
not be looking at the screen anyway.
I will do my experiments again (and again) and use the Mark feature. 
It may be good enough.

Thanks much - BobG
On 5/7/20 11:08 AM, Jaap Keuter wrote:
> Hi Bob,
>
> Good to hear the program is helpful for your quest.
>
> As for your purpose, does the ‘Mark Packet’ feature do the trick? Select a
> packet from the list, hit ⌘M (on macOS) / probably Ctrl+M (on others). You
> can also find the option in the Edit menu. Unfortunately these marks are not
> (yet) saved to the capture file, but remain as long as the capture is loaded.
>
> Hope it helps,
> Jaap
>
>
>> On 7 May 2020, at 17:43, Bob Gustafson mailto:bob...@rcn.com>> wrote:
>>
>> Hi list
>>
>> I'm in the process of working through the initial boot of a new 

Re: [Wireshark-users] Newbee - propose Splat Button

2020-05-07 Thread Bob Gustafson

Super - thanks much. With code too!

Now, should I play with this new button Tool, or debug my coreos boot 
script...


Best regards - BobG

On 5/7/20 12:38 PM, Maynard, Chris via Wireshark-users wrote:
It seems like the desired functionality is to inject a "marker" packet 
into the capture?  If so, you could use an external program, something 
like /ping/ or /nc/, to do that. I tend to use a separate script for 
this, something such as:

#!/bin/sh

if [ "$#" -lt 1 ]
then
    echo "Usage: $0 <message> [host]"
    exit 0
fi

if [ "$#" -lt 2 ]
then
    # Send a syslog message $1 to host 1.1.1.1
    echo "${1}" | nc -w 1 -u 1.1.1.1 514
else
    # Send a syslog message $1 to the host $2
    echo "${1}" | nc -w 1 -u "${2}" 514
fi

However, if you want something like this integrated with Wireshark, 
then it is possible with Lua.  Here’s a sample “proof-of-concept” Lua 
script that will send a packet whenever you click the send button.  I 
successfully tested this on Windows (with Cygwin tools installed for 
/nc/), but I did need to run Wireshark as an administrator for this 
to work.  I’ve illustrated two commands, /ping/ and /nc/, but you can 
tailor it however you wish.  Here’s the contents of the marker.lua 
file that you can experiment with:

if not gui_enabled() then
    return
end

local count = 1

local function marker_window()
    local win = TextWindow.new("Marker");
    win:set("Marker " .. count)

    win:add_button("Send", function()
        -- Choose a command; here are a couple of examples:
        local cmd = "echo " .. win:get_text() .. "| nc -w 1 -u 1.1.1.1 514"
        --local cmd = "ping -n 1 -l 100 1.1.1.1"

        os.execute (cmd)
        count = count + 1
        win:set("Marker " .. count)
    end)
end
register_menu("Marker", marker_window, MENU_TOOLS_UNSORTED)

You can call it splat.lua and rename /“Marker”/ to /“Splat”/ if you 
prefer that.  The file should be stored in your Wireshark plugins 
directory. If Wireshark is running, you’ll need to restart it.  Refer 
to _https://wiki.wireshark.org/Lua/Examples#dialogs_and_TextWindows_ 
for more information or to the Lua section of the Wireshark 
Developer’s Guide: 
_https://www.wireshark.org/docs/wsdg_html_chunked/wslua_menu_example.html_.

Hope it helps.
- Chris
-Original Message-
From: Wireshark-users  On 
Behalf Of Bob Gustafson

Sent: Thursday, May 7, 2020 12:48 PM
To: wireshark-users@wireshark.org; Jaap Keuter 
Subject: Re: [Wireshark-users] Newbee - propose Splat Button
Thanks Jaap.
I am on the Fedora31. When I hit Edit->Mark Packet, nothing happens - 
no mark... Ahh, when I move cursor off packet to be marked, I see 
marked packet as white on black rather than white on blue.

The functionality I'm looking for is to actually store the user button
(splat) in the saved file. But maybe I don't need that if I just keep 
Wireshark open on my screen. Also, other users may use the saved file 
for other purposes - parse and act. Having a splat actually in the 
saved file might not be so good. But then, those folks probably would 
not be looking at the screen anyway.
I will do my experiments again (and again) and use the Mark feature. 
It may be good enough.

Thanks much - BobG
On 5/7/20 11:08 AM, Jaap Keuter wrote:
> Hi Bob,
>
> Good to hear the program is helpful for your quest.
>
> As for your purpose, does the ‘Mark Packet’ feature do the trick? Select a
> packet from the list, hit ⌘M (on macOS) / probably Ctrl+M (on others). You
> can also find the option in the Edit menu. Unfortunately these marks are not
> (yet) saved to the capture file, but remain as long as the capture is loaded.
>
> Hope it helps,
> Jaap
>
>
>> On 7 May 2020, at 17:43, Bob Gustafson mailto:bob...@rcn.com>> wrote:
>>
>> Hi list
>>
>> I'm in the process of working through the initial boot of a new box, a new
>> os (coreos), and a new (to me) iPXE.
>>
>> It is a trial and error process for me - my coding is a bit sloppy and I
>> don't read all of the instructions the first time around.
>>
>> Wireshark has been very helpful as the boot process is between the new box
>> and a host (Fedora31) I can see all of the successes and failures that hit
>> the net.
>>
>> -
>>
>> To increase my visibility, rather than using a boot script, I am keying in
>> the boot steps by hand (kernel, initrd, ...) and then observing the results
>> on my minicom screen and on wireshark.
>>
>> This is a long process (given my errors..).
>>
>> I can copy the lines on my minicom screen and copy the lines from wireshark
>> for subsequent inspection with a cup of coffee.
>>
>> It would really be nice if I could mouse over to the Wireshark window during
>> my actions and click on a special BUTTON, which would enter a bl

Re: [Wireshark-users] Newbee - propose Splat Button

2020-05-07 Thread Bob Gustafson

On 5/7/20 12:05 PM, Graham Bloice wrote:




On Thu, 7 May 2020 at 17:48, Bob Gustafson > wrote:


Thanks Jaap.

I am on the Fedora31. When I hit Edit->Mark Packet, nothing happens - no
mark... Ahh, when I move cursor off packet to be marked, I see marked
packet as white on black rather than white on blue.

The functionality I'm looking for is to actually store the user button
(splat) in the saved file. But maybe I don't need that if I just keep
Wireshark open on my screen. Also, other users may use the saved file
for other purposes - parse and act. Having a splat actually in the saved
file might not be so good. But then, those folks probably would not be
looking at the screen anyway.

I will do my experiments again (and again) and use the Mark feature. It
may be good enough.

Thanks much - BobG

On 5/7/20 11:08 AM, Jaap Keuter wrote:
> Hi Bob,
>
> Good to hear the program is helpful for your quest.
>
> As for your purpose, does the ‘Mark Packet’ feature do the trick? Select a
> packet from the list, hit ⌘M (on macOS) / probably Ctrl+M (on others). You
> can also find the option in the Edit menu. Unfortunately these marks are not
> (yet) saved to the capture file, but remain as long as the capture is loaded.
>
> Hope it helps,
> Jaap
>
>
>> On 7 May 2020, at 17:43, Bob Gustafson mailto:bob...@rcn.com>> wrote:
>>
>> Hi list
>>
>> I'm in the process of working through the initial boot of a new box, a new
>> os (coreos), and a new (to me) iPXE.
>>
>> It is a trial and error process for me - my coding is a bit sloppy and I
>> don't read all of the instructions the first time around.
>>
>> Wireshark has been very helpful as the boot process is between the new box
>> and a host (Fedora31) I can see all of the successes and failures that hit
>> the net.
>>
>> -
>>
>> To increase my visibility, rather than using a boot script, I am keying in
>> the boot steps by hand (kernel, initrd, ...) and then observing the results
>> on my minicom screen and on wireshark.
>>
>> This is a long process (given my errors..).
>>
>> I can copy the lines on my minicom screen and copy the lines from wireshark
>> for subsequent inspection with a cup of coffee.
>>
>> It would really be nice if I could mouse over to the Wireshark window during
>> my actions and click on a special BUTTON, which would enter a blank (or
>> default or TBD text) into a new line on the Wireshark packet transcript
>> window. The SPLAT.
>>
>> Then, when I look at the minicom save, and the wireshark save, I can see
>> roughly what I did at various places in time without having to ponder the
>> Time column in wireshark.
>>
>> Thanks for your attention, keep safe, wash hands
>>
>> Bob Gustafson
>>


There's also the ability to add a free-format textual comment to each 
packet.  Right click a packet in the list and choose "Packet 
Comment...", shortcut keys appropriate for your OS will be available.  
Comments are saved with the file.


Unfortunately packet comments don't show up until you save the file 
and reload it, this might be worthy of a bug


--
Graham Bloice

___
Sent via:Wireshark-users mailing list 
Archives:https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
  mailto:wireshark-users-requ...@wireshark.org?subject=unsubscribe



Ok, cool, I will check it out. However, the fact that it does not show 
in the current window, but only in the saved file would mean I would 
have to save and then look at it later (like I originally proposed..). 
I'm thinking that the Mark Packet command is probably going to be all I 
need.


If there were a combination feature which would show immediately and 
stick for the saved file - that of course would be the best of both 
worlds. The SaveAndShowLater is good for (eventual) documentation of 
what happened.


Thanks much - BobG


Re: [Wireshark-users] Newbee - propose Splat Button

2020-05-07 Thread Maynard, Chris via Wireshark-users
It seems like the desired functionality is to inject a "marker" packet into the 
capture?  If so, you could use an external program, something like ping or nc, 
to do that.  I tend to use a separate script for this, something such as:

  #!/bin/sh

  if [ "$#" -lt 1 ]
  then
      echo "Usage: $0 <message> [host]"
      exit 0
  fi

  if [ "$#" -lt 2 ]
  then
      # Send a syslog message $1 to host 1.1.1.1
      echo "${1}" | nc -w 1 -u 1.1.1.1 514
  else
      # Send a syslog message $1 to the host $2
      echo "${1}" | nc -w 1 -u "${2}" 514
  fi

However, if you want something like this integrated with Wireshark, then it is 
possible with Lua.  Here’s a sample “proof-of-concept” Lua script that will 
send a packet whenever you click the send button.  I successfully tested this 
on Windows (with Cygwin tools installed for nc), but I did need to run 
Wireshark as an administrator for this to work.  I’ve illustrated two commands, 
ping and nc, but you can tailor it however you wish.  Here’s the contents of 
the marker.lua file that you can experiment with:

  if not gui_enabled() then
      return
  end

  local count = 1

  local function marker_window()

      local win = TextWindow.new("Marker");
      win:set("Marker " .. count)

      win:add_button("Send", function()

          -- Choose a command; here are a couple of examples:
          local cmd = "echo " .. win:get_text() .. "| nc -w 1 -u 1.1.1.1 514"
          --local cmd = "ping -n 1 -l 100 1.1.1.1"

          os.execute (cmd)
          count = count + 1
          win:set("Marker " .. count)
      end)

  end
  register_menu("Marker", marker_window, MENU_TOOLS_UNSORTED)

You can call it splat.lua and rename “Marker” to “Splat” if you prefer that.  
The file should be stored in your Wireshark plugins directory.  If Wireshark is 
running, you’ll need to restart it.  Refer to 
https://wiki.wireshark.org/Lua/Examples#dialogs_and_TextWindows for more 
information or to the Lua section of the Wireshark Developer’s Guide: 
https://www.wireshark.org/docs/wsdg_html_chunked/wslua_menu_example.html.

Hope it helps.
- Chris

-Original Message-
From: Wireshark-users  On Behalf Of Bob 
Gustafson
Sent: Thursday, May 7, 2020 12:48 PM
To: wireshark-users@wireshark.org; Jaap Keuter 
Subject: Re: [Wireshark-users] Newbee - propose Splat Button

Thanks Jaap.

I am on the Fedora31. When I hit Edit->Mark Packet, nothing happens - no 
mark... Ahh, when I move cursor off packet to be marked, I see marked packet as 
white on black rather than white on blue.

The functionality I'm looking for is to actually store the user button
(splat) in the saved file. But maybe I don't need that if I just keep Wireshark 
open on my screen. Also, other users may use the saved file for other purposes 
- parse and act. Having a splat actually in the saved file might not be so 
good. But then, those folks probably would not be looking at the screen anyway.

I will do my experiments again (and again) and use the Mark feature. It may be 
good enough.

Thanks much - BobG

On 5/7/20 11:08 AM, Jaap Keuter wrote:
> Hi Bob,
>
> Good to hear the program is helpful for your quest.
>
> As for your purpose, does the ‘Mark Packet’ feature do the trick? Select a 
> packet from the list, hit ⌘M (on macOS) / probably Ctrl+M (on others). You 
> can also find the option in the Edit menu. Unfortunately these marks are not 
> (yet) saved to the capture file, but remain as long as the capture is loaded.
>
> Hope it helps,
> Jaap
>
>
>> On 7 May 2020, at 17:43, Bob Gustafson 
>> mailto:bob...@rcn.com>> wrote:
>>
>> Hi list
>>
>> I'm in the process of working through the initial boot of a new box, a new 
>> os (coreos), and a new (to me) iPXE.
>>
>> It is a trial and error process for me - my coding is a bit sloppy and I 
>> don't read all of the instructions the first time around.
>>
>> Wireshark has been very helpful as the boot process is between the new box 
>> and a host (Fedora31) I can see all of the successes and failures that hit 
>> the net.
>>
>> -
>>
>> To increase my visibility, rather than using a boot script, I am keying in 
>> the boot steps by hand (kernel, initrd, ...) and then observing the results 
>> on my minicom screen and on wireshark.
>>
>> This is a long process (given my errors..).
>>
>> I can copy the lines on my minicom screen and copy the lines from wireshark 
>> for subsequent inspection with a cup of coffee.
>>
>> It would really be nice if I could mouse over to the Wireshark window during 
>
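
An added example, not code from the thread: a variant of the marker.lua plugin above that quotes the window text before it reaches os.execute, so a tailored marker containing an apostrophe or a semicolon is sent as literal text instead of being parsed by the shell. It assumes a POSIX shell behind os.execute (Linux or macOS, not Windows cmd.exe); sh_quote, clean_marker, valid_host, marker_command, MAX_LEN and the sample markers are names and values introduced here.

```lua
-- marker_quoted.lua: added example, not code from the thread.
-- Assumption: os.execute hands the string to a POSIX shell and nc is on PATH.

local MARKER_HOST = "1.1.1.1"  -- destination used in the thread's examples
local MARKER_PORT = 514        -- syslog over UDP, as in the thread
local MAX_LEN     = 200        -- assumed byte cap so a marker stays short

-- Wrap s in single quotes for a POSIX shell. Inside single quotes nothing is
-- special except the quote itself, which is written as '\'' .
local function sh_quote(s)
    local quoted = s:gsub("'", "'\\''")
    return "'" .. quoted .. "'"
end

-- Reduce the window text to one line: a TextWindow can hold newlines and
-- other control characters, which would split or garble the marker.
local function clean_marker(text)
    local line = text:gsub("%c+", " ")
    line = line:gsub("^%s+", ""):gsub("%s+$", "")
    return line:sub(1, MAX_LEN)
end

-- Accept only plain host names or addresses; a leading "-" would be read by
-- nc as an option.
local function valid_host(host)
    return host:match("^[%w:][%w%.:%-]*$") ~= nil
end

-- Build the command. printf '%s\n' replaces echo so that a marker beginning
-- with "-n" or containing backslashes is sent unchanged.
local function marker_command(text, host)
    host = host or MARKER_HOST
    if not valid_host(host) then
        return nil, "refusing host: " .. host
    end
    return string.format("printf '%%s\\n' %s | nc -w 1 -u %s %d",
        sh_quote(clean_marker(text)), host, MARKER_PORT)
end

-- Outside Wireshark (plain `lua marker_quoted.lua`) gui_enabled is undefined:
-- print the commands for a few constructed sample markers and stop.
if gui_enabled == nil then
    local samples = {
        "Marker 1",
        "CM: Rx'd response to ABC request; now testing XYZ",
        "step 3:\n  $HOME & |pipe|",
    }
    for _, s in ipairs(samples) do
        print(marker_command(s))
    end
    return
end

if not gui_enabled() then
    return
end

local count = 1

local function marker_window()
    local win = TextWindow.new("Marker")
    win:set("Marker " .. count)

    win:add_button("Send", function()
        local cmd = marker_command(win:get_text())
        if cmd then
            os.execute(cmd)
        end
        count = count + 1
        win:set("Marker " .. count)
    end)
end

register_menu("Marker", marker_window, MENU_TOOLS_UNSORTED)
```

Run outside Wireshark, the second sample prints with the apostrophe written as '\'' and the semicolon left inside the quotes, so the whole marker stays a single argument to printf.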

Re: [Wireshark-users] Newbee - propose Splat Button

2020-05-07 Thread Bob Gustafson

Thanks Jaap.

I am on the Fedora31. When I hit Edit->Mark Packet, nothing happens - no 
mark... Ahh, when I move cursor off packet to be marked, I see marked 
packet as white on black rather than white on blue.


The functionality I'm looking for is to actually store the user button 
(splat) in the saved file. But maybe I don't need that if I just keep 
Wireshark open on my screen. Also, other users may use the saved file 
for other purposes - parse and act. Having a splat actually in the saved 
file might not be so good. But then, those folks probably would not be 
looking at the screen anyway.


I will do my experiments again (and again) and use the Mark feature. It 
may be good enough.


Thanks much - BobG

On 5/7/20 11:08 AM, Jaap Keuter wrote:

Hi Bob,

Good to hear the program is helpful for your quest.

As for your purpose, does the ‘Mark Packet’ feature do the trick? Select a 
packet from the list, hit ⌘M (on macOS) / probably Ctrl+M (on others). You can 
also find the option in the Edit menu. Unfortunately these marks are not (yet) 
saved to the capture file, but remain as long as the capture is loaded.

Hope it helps,
Jaap



On 7 May 2020, at 17:43, Bob Gustafson  wrote:

Hi list

I'm in the process of working through the initial boot of a new box, a new os 
(coreos), and a new (to me) iPXE.

It is a trial and error process for me - my coding is a bit sloppy and I don't 
read all of the instructions the first time around.

Wireshark has been very helpful as the boot process is between the new box and 
a host (Fedora31) I can see all of the successes and failures that hit the net.

-

To increase my visibility, rather than using a boot script, I am keying in the 
boot steps by hand (kernel, initrd, ...) and then observing the results on my 
minicom screen and on wireshark.

This is a long process (given my errors..).

I can copy the lines on my minicom screen and copy the lines from wireshark for 
subsequent inspection with a cup of coffee.

It would really be nice if I could mouse over to the Wireshark window during my 
actions and click on a special BUTTON, which would enter a blank (or default or 
TBD text) into a new line on the Wireshark packet transcript window. The SPLAT.

Then, when I look at the minicom save, and the wireshark save, I can see 
roughly what I did at various places in time without having to ponder the Time 
column in wireshark.

Thanks for your attention, keep safe, wash hands

Bob Gustafson


Re: [Wireshark-users] Newbee - propose Splat Button

2020-05-07 Thread Jaap Keuter
Hi Bob,

Good to hear the program is helpful for your quest.

As for your purpose, does the ‘Mark Packet’ feature do the trick? Select a 
packet from the list, hit ⌘M (on macOS) / probably Ctrl+M (on others). You can 
also find the option in the Edit menu. Unfortunately these marks are not (yet) 
saved to the capture file, but remain as long as the capture is loaded.

Hope it helps,
Jaap


> On 7 May 2020, at 17:43, Bob Gustafson  wrote:
> 
> Hi list
> 
> I'm in the process of working through the initial boot of a new box, a new os 
> (coreos), and a new (to me) iPXE.
> 
> It is a trial and error process for me - my coding is a bit sloppy and I 
> don't read all of the instructions the first time around.
> 
> Wireshark has been very helpful as the boot process is between the new box 
> and a host (Fedora31) I can see all of the successes and failures that hit 
> the net.
> 
> -
> 
> To increase my visibility, rather than using a boot script, I am keying in 
> the boot steps by hand (kernel, initrd, ...) and then observing the results 
> on my minicom screen and on wireshark.
> 
> This is a long process (given my errors..).
> 
> I can copy the lines on my minicom screen and copy the lines from wireshark 
> for subsequent inspection with a cup of coffee.
> 
> It would really be nice if I could mouse over to the Wireshark window during 
> my actions and click on a special BUTTON, which would enter a blank (or 
> default or TBD text) into a new line on the Wireshark packet transcript 
> window. The SPLAT.
> 
> Then, when I look at the minicom save, and the wireshark save, I can see 
> roughly what I did at various places in time without having to ponder the 
> Time column in wireshark.
> 
> Thanks for your attention, keep safe, wash hands
> 
> Bob Gustafson
> 
