1. An overview of the

This section describes the Wireshark packet capture mechanism and its functions. The article details the different ways of saving packets captured by the Wireshark network analyzer. Wireshark can save the data shown in the main capture window in different formats and file types.

2. Viewing the Wireshark version

If you do not know which Wireshark version is in use, choose Help on the menu bar, and then click About Wireshark (A) to display the Wireshark details. See Figure 1.

▲Wireshark version information

Figure 1 shows that the Wireshark version in use is 2.6.6.

3. Viewing the Wireshark system folders

Wireshark keeps its various files in a set of folders on the computer's disk, for example the personal configuration, the global configuration, the storage path for captured files, and the plug-in paths. They are listed as shown in Figure 2, and the page is opened in the same way as described in section 2 above. The file dialog entry in the folder list is where I store the packet files captured in the main window. The next time you forget where a captured packet file is on disk, you can open this page in Wireshark instead of searching for it aimlessly.

4. Save the captured packet file

This section focuses on how to save captured data. Capturing specific packets and filtering captured packets by some condition are therefore not covered here; later chapters are devoted to packet filtering. To capture packets, click the Start Capture button in Wireshark, which captures all network packets that pass through all network adapters. There are two ways to start the capture.

  • Method 1

▲ Wireshark Packet capture 1

  • Method 2

▲ Wireshark Packet capture 2

4.1 Save complete data packets

Saving all of the packets captured in the main window is very simple: click [File] on the menu bar, and then click “Save” or “Save As…”.

▲ Wireshark Saves complete data packets

4.2 Saving some of the packets

You can selectively save only some of the packets displayed in the Wireshark main window: for example, only the packets in a number range, the marked packets, the selected packet, or the packets that pass the display filter.

4.2.1 Save the packets filtered by a display filter

All the packets captured in the main window are filtered with a display filter. The filter condition is “find the packets whose source IP address is XX and destination IP address is XX”. After filtering, three packets meet the condition, as follows:

▲ Display Filtering of Packets in the Wireshark

To save the three filtered packets, select [File (F)] on the menu bar, and then select “Export Specified Packets…”. The options are displayed in the lower right corner. Finally, select [All packets] and [Displayed], and specify the file name to complete the operation.

▲Wireshark Saves and displays filtered data packets

4.2.2 Save the packets in the range between two marked packets

In the packet list in the main window, mark the packets you need (to mark a packet, select it with the mouse and right-click to bring up the “mark” option). Two packets have been marked, with three packets between them. See Figure 7.

▲ The Wireshark labels two data packets

Select [File (F)] on the menu bar, and then “Export Specified Packets…”. The options are displayed in the lower right corner. To complete the operation, select [First to last marked] and [Displayed]. Note: as Figure 8 shows, the count under Displayed is “5”, which matches the number of packets in the range bounded by the two packets we marked.

▲ Wireshark Saves two marked data packets

4.2.3 Save the data packets within the specified number range

As shown at 1 in the figure below, the packet numbers range from 371-375, five packets in total (note: the dash between the start and end numbers must be separated by spaces).

▲ Wireshark Saves data packets within the packet id range
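What the number-range export does at the file level, as an added example that is not part of the original article. It assumes the capture was saved as pcapng (Wireshark's default save format); the function names and the 400-packet sample capture are constructed for illustration.

```python
import struct

SHB, IDB, EPB, SPB, OLD_PB = 0x0A0D0D0A, 1, 6, 3, 2
PACKET_BLOCKS = {EPB, SPB, OLD_PB}  # block types that hold exactly one packet

def blocks(data):
    """Yield (block_type, byte_order, raw_block) for each block of a pcapng file."""
    off, endian = 0, "<"
    while off < len(data):
        head = data[off:off + 12]
        if len(head) < 12:
            raise ValueError(f"truncated block header at offset {off}")
        if head[:4] == b"\x0a\x0d\x0d\x0a":  # section header: sets the byte order
            endian = "<" if head[8:12] == b"\x4d\x3c\x2b\x1a" else ">"
        btype, length = struct.unpack_from(endian + "II", head)
        if length < 12 or length % 4 or off + length > len(data):
            raise ValueError(f"corrupt block length at offset {off}")
        yield btype, endian, data[off:off + length]
        off += length

def export_range(data, first, last):
    """Keep packets first..last (1-based, inclusive, numbered as in the packet list)."""
    out, number = bytearray(), 0
    for btype, _, raw in blocks(data):
        if btype in PACKET_BLOCKS:
            number += 1
            if not first <= number <= last:
                continue
        out += raw  # section, interface and other metadata blocks are always kept
    return bytes(out)

def packet_payloads(data):
    """Yield the captured bytes stored in each Enhanced Packet Block."""
    for btype, endian, raw in blocks(data):
        if btype == EPB:
            caplen = struct.unpack_from(endian + "I", raw, 20)[0]
            yield raw[28:28 + caplen]

def make_block(btype, body):  # builds one little-endian block for the sample only
    body += b"\x00" * (-len(body) % 4)
    total = struct.pack("<I", len(body) + 12)
    return struct.pack("<I", btype) + total + body + total

def sample_capture(count):
    """Constructed capture: one Ethernet interface, payload = packet number."""
    shb = make_block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
    idb = make_block(IDB, struct.pack("<HHI", 1, 0, 65535))
    return shb + idb + b"".join(
        make_block(EPB, struct.pack("<6I", 0, 0, n, 4, 4, n)) for n in range(1, count + 1))
```

Calling export_range(sample_capture(400), 371, 375) returns a capture holding the same five packets as the range used above, together with the section and interface blocks a reader needs to open it.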

4.2.4 Saving marked packets

A total of nine packets are currently marked, as shown in Figure 10.

Figure 10 Wireshark marking 10 data packets

The options to select when saving them are shown in Figure 11 below.

▲1 Wireshark saves 10 marked data packets

4.2.5 Saving selected Data packets

Select the packet numbered 360 and do the same as before. Then select “Selected Packet”, name the file, and click “Save”.

▲ Wireshark Saves the selected data packets

