Ask Your Question
0

Mismatch in record totals

asked 2020-02-24 18:43:24 +0000

When I filter a packet capture, and then export the filtered packets, the capture numbers do not match. On the filtered display, the status bar would be x records displayed. But when I go to export specified packets, the total in displayed, all packets would be y records under displayed and with all packets selected. More often than not, x <> y.

Why does is it usually not true that x = y and how do I get the numbers to match?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-02-24 19:31:59 +0000

cmaynard gravatar image

This is most likely due to Wireshark saving all dependent frames along with the displayed frames. See Bug 7667.

If you don't want dependent frames to be saved, then there are a few work-arounds, as mentioned in the bug report. My suggestion in Comment 14 was to mark all displayed packets after applying the display filter, and then instead of exporting all displayed frames, export all marked frames. I believe that work-around should still work if you really don't want the dependent frames saved, but keep in mind that if you don't also export the dependent frames, then things like reassembly won't work. Generally it's a good idea to export the dependent frames unless you have a very specific reason not to.

edit flag offensive delete link more

Comments

1

Thank you for your answer. This worked! I have to say that I'm really impressed. Many times when questions are asked on forums like these, people just post replies without understanding the problem or objective(s).

Thank you again!

aolsuxthebigone@yahoo.com gravatar image[email protected] ( 2020-02-25 17:04:07 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2020-02-24 18:43:24 +0000

Seen: 462 times

Last updated: Feb 24 '20