Viewing packet notes
The Notes view displays all of notes annotated to packets in the capture window or capture file. You can edit or delete notes from the Notes view, or you can go to the packet in the Packets view to which the note is attached.
Additionally, you can import events from supported file formats into the Notes view. Typically, these events are from a supported IDS/IPS, such as Snort® or Suricata. To import an events file from Snort or Suricata, you must first save the events from Snort as a Snort Fast log file, and save the events from Suricata as an EVE JSON file. The events in the events file must correspond to packets contained within the capture file.
NOTE: The Notes view is not supported in a Capture Engine capture window.
The parts of the Notes view are described here:
• File Summary: Displays any notes associated with capture window or file. Hover over the File Summary to access File Properties, where you can add additional notes for the capture window or file, and import events from supported file formats.
• Packet Notes: Display all notes associated with the packets of a capture window or file. Hover over the packet note to access controls for editing, deleting, or ‘jumping’ to the packet in the Packets view. If the note contains hyperlinks, you can click them and open the link in your default browser.