|
I captured traffic for a specific subnet, I need to be able to filter the output, and save the results so I can send the files off to the manufacturer. Wireshark ver. 1.4.1 Example: Capture filter: net 1.1.1.0/24 This captured a lot of packets, since I needed it to run until a failure in the hardware occurred, and it is random when they fail. Once I stopped the filter, I can then use a display filter to track one of the devices on that subnet Example: Display Filter: ip.addr == 1.1.1.1 The display changes to show just that IP, but I want to be able to save just those packets, to send to manufacturer. Anyone have any ideas? Thanks, |
|
Nevermind, I got it. Jasper had the answer. tshark -r <chunkfile##> -R "ip.addr eq XX.XX.XX.XX" -w <filteredfile##> |
|
If you're working in the GUI, simply click File > Save As. Browse to the location where you'd like to save your file, and enter a file name. In the "Packet Range" box, select "All packets" on the left and "Displayed" at the top. Click "Save." |
