Steps of Marking Packets in Wireshark

In Wireshark, we can mark captured packets in the “Packet List” pane so that some essential packets can be found easily in a capture file having many captured packets. The packets which are marked are displayed with a black background and white foreground, even if they have pre-defined coloring rules already set. When we mark a packet, its entry disappears from the Packet List, Packet Details, and Packet Bytes. The information is not stored in the capture file. It will be lost when the capture file is closed.

Mark/Unmark Packets in Wireshark:

To Mark/Unmark packets in Wireshark, follow the below steps:

• Start the Wireshark by selecting the network we want to analyze or opening any previously saved captured file.
• Select one or more packets you want to be marked by Wireshark.
• Now click on the Edit → Mark/Unmark Packet option. It toggles the marked state of a single packet.

 

The marked packets will be displayed in Wireshark like this :

 

We can unmark all the marked packets by Clicking on Edit → Unmark All Displayed to reset the marked state of all packets. The “Mark All Displayed” sets the marked state of all displayed packets. Packet marking can be used to control the output of packets when saving, exporting, or printing.