Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Hi Genesius,

  • Sanitize: You want to use TraceWrangler, made by Wireshark Contributor Jasper Bongertz.
  • Remove TCP payload: Use editcap with a snaplen
  • Remove packets: Filter them out with a display filter in Wireshark and then File > Export Specified Packets. In tshark, this is tshark -r $file -Y "$display_filter" -w $filtered_file.

I agree with @cmaynard that checking out the Wireshark Tools page will help you.