I have had emails asking exactly how I use or reference those 'packet bookmarks' I mentioned in an earlier article.
Just to be clear, this is not a Wireshark-specific tip. This is a technique I use when I capture packets with any protocol analyzer.
In case you haven't heard me mention this before, I simply ping as I capture applications that always have data continually trickling in. I regularly try to note the packet number, but sometimes this may be difficult to do, or I am working alone and don't have the time to write it down.
In this video I have a customer trace file; I instructed the customer to ping at the following points:
- before opening the file
- right after the file is completely loaded
- before they save
- right after the save is complete
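
When nobody wrote the packet numbers down, the bookmarks can be recovered from the trace afterwards by looking for the ICMP echo requests. The script below is an added example, not code from the original article: it reads a classic (non-pcapng) Ethernet pcap, lists the packet number and time of every ping, and reports the packet range and elapsed time between consecutive bookmarks. The sample trace, its addresses (10.0.0.5 and 10.0.0.9) and the phase names are constructed for illustration; the optional `src` filter is there because pings from other hosts, such as monitoring tools, would otherwise look like bookmarks.

```python
import struct

def find_ping_bookmarks(pcap, src=None):
    """Return [(packet_number, seconds)] for each ICMP echo request in a classic pcap.
    src (optional, 4 bytes) keeps only pings sent by the bookmarking host."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a microsecond-resolution Ethernet pcap")
    marks, offset, number = [], 24, 0
    while offset + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack(endian + "4I", pcap[offset:offset + 16])
        frame = pcap[offset + 16:offset + 16 + caplen]
        offset += 16 + caplen
        number += 1                      # same 1-based numbering an analyzer shows
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 1:
            continue                     # not untagged IPv4 carrying ICMP
        icmp = 14 + (frame[14] & 0x0F) * 4
        if len(frame) > icmp and frame[icmp] == 8 and src in (None, frame[26:30]):
            marks.append((number, sec + usec / 1e6))
    return marks

def intervals(marks):
    """Packet range and elapsed seconds between consecutive bookmarks."""
    return [(a[0], b[0], round(b[1] - a[1], 6)) for a, b in zip(marks, marks[1:])]

def _frame(proto, payload, src=bytes([10, 0, 0, 5])):
    # Constructed Ethernet/IPv4 frame for the sample; checksums are left at zero.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                     proto, 0, src, bytes([10, 0, 0, 9]))
    return b"\x00" * 12 + b"\x08\x00" + ip + payload

def build_sample():
    """Constructed trace: application data with pings at the four points above."""
    ping = _frame(1, struct.pack("!BBHHH", 8, 0, 0, 1, 1))
    data = _frame(6, b"\x00" * 20)
    timeline_ms = [(0, ping), (200, data), (900, data), (1500, ping), (4000, data),
                   (9000, ping), (9300, data), (9800, data), (10250, ping)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ms, f in timeline_ms:
        out += struct.pack("<4I", ms // 1000, ms % 1000 * 1000, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    names = ["open", "working", "save"]  # hypothetical phase names
    for name, (first, last, secs) in zip(names, intervals(find_ping_bookmarks(build_sample()))):
        print(f"{name}: packets {first}-{last}, {secs:.2f} s")
```

To use it on a real capture, pass the file's bytes (`open(path, "rb").read()`) in place of `build_sample()`; VLAN-tagged frames and pcapng files are outside what this sketch handles.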