Is there a way to have Wireshark capture a live TCP stream and send that stream to a file when the stream is closed? I'm fairly new to Wireshark and have not been able to accomplish this task.

asked 26 Mar '13, 17:47

pgfdbug

edited 26 Mar '13, 17:49


Wireshark always captures to file until you stop the capture. If you know what IP and ports the TCP connection is using you could create a capture filter to only capture that communication to file.

If this is not helping you, you should probably edit your question to make it more specific. What "stream" do you need to capture and what do you want to accomplish?

answered 26 Mar '13, 19:44

Jasper ♦

I am looking to have Wireshark monitor a designated port and IP. When new traffic is detected I want to write that info to a file until the end of file is detected. I want a new file created every time new traffic is detected. Is this possible with Wireshark?

(27 Mar '13, 13:23) pgfdbug

That would require some trigger based capture mechanism, and Wireshark doesn't have that kind of thing. You need to have a capture running to extract data from afterwards. Unfortunately you can't create single files based on events.

(27 Mar '13, 13:35) Jasper ♦

Thank you for your answer.

(28 Mar '13, 11:56) pgfdbug
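
The answer's point that a capture has to be running first, with the data extracted afterwards, can be handled as a post-processing step. The following is an added example, not code from this thread or from Wireshark: it splits a saved capture into one pcap per TCP connection, starting a new file when a bare SYN follows a FIN or RST on the same address/port pair. It assumes a little-endian classic pcap (not pcapng) with Ethernet/IPv4 framing; `split_streams`, `_rec` and `sample_pcap` are hypothetical names, and the sample packets are constructed.

```python
import struct
from collections import defaultdict

SYN, ACK, FIN, RST = 0x02, 0x10, 0x01, 0x04

def split_streams(pcap: bytes) -> dict:
    """Split a little-endian classic pcap (Ethernet/IPv4/TCP) into one pcap per connection."""
    ghdr, off = pcap[:24], 24
    if struct.unpack("<I", ghdr[:4])[0] != 0xA1B2C3D4:
        raise ValueError("expected a little-endian classic pcap file")
    gen, closed, out = defaultdict(int), set(), {}
    while off + 16 <= len(pcap):
        caplen = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        rec, off = pcap[off:off + 16 + caplen], off + 16 + caplen
        frame = rec[16:]
        # Keep only IPv4 (EtherType 0x0800) carrying TCP (protocol 6).
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 14:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        ends = sorted([(frame[26:30], sport), (frame[30:34], dport)])
        key, flags = tuple(ends), tcp[13]   # same key for both directions
        if flags & (SYN | ACK) == SYN and key in closed:
            gen[key] += 1                   # bare SYN after a close: new connection
            closed.discard(key)
        if flags & (FIN | RST):
            closed.add(key)                 # the "stream closed" event from the question
        out.setdefault((key, gen[key]), bytearray(ghdr)).extend(rec)
    return {k: bytes(v) for k, v in out.items()}

def _rec(src, sport, dst, dport, flags):
    """Constructed sample record: Ethernet + IPv4 + TCP headers, no payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

def sample_pcap() -> bytes:
    """Constructed capture: two connections on one reused 4-tuple plus one other client."""
    c, s, d = ((10, 0, 0, 1), 40000), ((10, 0, 0, 2), 8080), ((10, 0, 0, 3), 40001)
    flow = [(c, s, SYN), (s, c, SYN | ACK), (c, s, ACK), (c, s, FIN | ACK),
            (s, c, FIN | ACK), (c, s, ACK), (d, s, SYN),
            (c, s, SYN), (s, c, SYN | ACK), (s, c, RST)]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(_rec(a[0], a[1], b[0], b[1], f) for a, b, f in flow)

if __name__ == "__main__":
    for i, data in enumerate(split_streams(sample_pcap()).values()):
        with open(f"stream_{i}.pcap", "wb") as fh:
            fh.write(data)
```

Each output begins with the original global header, so it opens in Wireshark as a normal capture file.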