Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

At a glance, I can't find any easy/easier way to do this. See below:

Right click on the packet(s) you're interested in and mark them. Then go to File > Export Specified Packets > Select the radio button "Marked Packets" The result is a capture file with only the marked packet(s). From there you can select follow TCP stream and you'll have it isolated to what you're interested in.

At a glance, I can't find any easy/easier way to do this. See below:

Right click on the packet(s) you're interested in and mark them. Then go to File > Export Specified Packets > Select the radio button "Marked Packets" Packets". The result is a capture file with only the marked packet(s). From there you can select follow TCP stream and you'll have it isolated to what you're interested in.in. This solution doesn't scale very well, but for grabbing/analyzing a few packets it works fine. Additionally, you can click around in the ASCII breakdown of the stream and Wireshark will select the related packet in the decode pane.