I have had emails asking exactly how I use, or reference, those 'packet bookmarks' I mentioned in an earlier article.

Just to be clear, this is not a Wireshark-specific tip. This is a technique I use when I capture packets with any protocol analyzer.

In case you haven't heard me mention this before, I simply ping as I capture applications that always have data continually trickling in. Regularly, I try to note the packet number, but sometimes this may be difficult to do, or I am working alone and don't have the time to write it down.

In this video I have a customer trace file; I instructed the customer to ping at the following points:

  • before opening the file
  • right after the file is completely loaded
  • before they save
  • right after the save is complete
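
When nobody wrote down the packet numbers, the ping markers can be recovered from the trace itself. The script below is an added example, not part of the original article: it walks a classic pcap file and returns the packet number and timestamp of every ICMP echo request. It assumes an Ethernet capture with untagged IPv4 frames, and the sample capture it builds is constructed for the demonstration.

```python
import struct

def is_echo_request(frame):
    """True if an Ethernet frame carries an IPv4 ICMP echo request (type 8)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # too short / not IPv4
        return False
    if frame[14] >> 4 != 4 or frame[23] != 1:            # IP version 4, protocol 1 = ICMP
        return False
    icmp = 14 + (frame[14] & 0x0F) * 4                   # skip IP header incl. options
    return len(frame) > icmp and frame[icmp] == 8

def find_ping_bookmarks(pcap):
    """Return [(packet_number, timestamp)] for each echo request in a classic pcap."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    marks, off, num = [], 24, 0
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        num += 1                                         # 1-based, in file order
        if is_echo_request(frame):
            marks.append((num, sec + usec / 1e6))
    return marks

def build_sample_pcap():
    """Constructed capture: application traffic with two pings dropped in as markers."""
    def frame(proto, payload):
        eth = bytes(12) + b"\x08\x00"
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
        return eth + ip + payload
    data = frame(6, bytes(20))                            # TCP stand-in for application data
    req = frame(1, struct.pack("!BBHHH", 8, 0, 0, 1, 1))  # echo request (the bookmark)
    rep = frame(1, struct.pack("!BBHHH", 0, 0, 0, 1, 1))  # echo reply (not counted)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for n, f in enumerate([data, req, rep, data, data, req, rep, data], start=1):
        out += struct.pack("<IIII", 100 + n, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for num, ts in find_ping_bookmarks(build_sample_pcap()):
        print(f"bookmark at packet {num}, t={ts:.6f}")
```

With four pings taken at the points listed above, the packets between the first and second bookmark are the file open, and those between the third and fourth are the save.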




