Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

How to save filtered packets?

I'm using Wireshark Version 2.2.7 (v2.2.7-0-g1861a96). I have a one-minute capture of approximately 1 million packets. I've used a filter to view only TCP Dup Ack and Retransmissions to and from a specific IP, which results in a list of 688 packets. The filter is "(ip.src eq 10.76.210.254 || ip.dst eq 10.76.210.254) && (tcp.analysis.duplicate_ack || tcp.analysis.retransmission)".

I want to save the 688 TCP error packets to a separate file. I opened "File > Export Specific Packets" and selected "All packets" and "Displayed", then save to a pcapng file.

When I open the new file, it contains 688 packets, but not the TCP packets displayed by the filter. Most are not TCP packets m,and most of the IPs are not the one I filtered out.

How do I save only the TCP Dup Ack and Retransmission packets to their own file?

How to save filtered packets?

I'm using Wireshark Version 2.2.7 (v2.2.7-0-g1861a96). I have a one-minute capture of approximately 1 million packets. I've used a filter to view only TCP Dup Ack and Retransmissions to and from a specific IP, which results in a list of 688 packets. The filter is "(ip.src eq 10.76.210.254 xx.yy.zz.n || ip.dst eq 10.76.210.254) xx.yy.zz.n) && (tcp.analysis.duplicate_ack || tcp.analysis.retransmission)".

I want to save the 688 TCP error packets to a separate file. I opened "File > Export Specific Packets" and selected "All packets" and "Displayed", then save to a pcapng file.

When I open the new file, it contains 688 packets, but not the TCP packets displayed by the filter. Most are not TCP packets m,and most of the IPs are not the one I filtered out.

How do I save only the TCP Dup Ack and Retransmission packets to their own file?

How to save filtered packets?

I'm using Wireshark Version 2.2.7 (v2.2.7-0-g1861a96). I have a one-minute capture of approximately 1 million packets. I've used a filter to view only TCP Dup Ack and Retransmissions to and from a specific IP, which results in a list of 688 packets. The filter is "(ip.src eq xx.yy.zz.n || ip.dst eq xx.yy.zz.n) && (tcp.analysis.duplicate_ack || tcp.analysis.retransmission)".

I want to save the 688 TCP error packets to a separate file. I opened "File > Export Specific Packets" and selected "All packets" and "Displayed", then save to a pcapng file.

When I open the new file, it contains 688 packets, but not the TCP packets displayed by the filter. Most are not TCP packets m,and ,and most of the IPs are not the one ones I filtered out.

How do I save only the TCP Dup Ack and Retransmission packets to their own file?

How to save filtered packets?

I'm using Wireshark Version 2.2.7 (v2.2.7-0-g1861a96). I have a one-minute capture of approximately 1 million packets. I've used a filter to view only TCP Dup Ack and Retransmissions to and from a specific IP, which results in a list of 688 packets. The filter is "(ip.src eq xx.yy.zz.n || ip.dst eq xx.yy.zz.n) && (tcp.analysis.duplicate_ack || tcp.analysis.retransmission)".

I want to save the 688 TCP error packets to a separate file. I opened "File > Export Specific Packets" and selected "All packets" and "Displayed", then save saved to a pcapng file.

When I open the new file, it contains 688 packets, but not the TCP packets displayed by the filter. Most are not TCP packets ,and most of the IPs are not the ones I filtered out.

How do I save only the TCP Dup Ack and Retransmission packets to their own file?

How to save filtered packets?

I'm using Wireshark Version 2.2.7 (v2.2.7-0-g1861a96). I have a one-minute capture of approximately 1 million packets. I've used a filter to view only TCP Dup Ack and Retransmissions to and from a specific IP, which results in a list of 688 packets. The filter is "(ip.src eq xx.yy.zz.n || ip.dst eq xx.yy.zz.n) && (tcp.analysis.duplicate_ack || tcp.analysis.retransmission)".

I want to save the 688 TCP error packets to a separate file. I opened "File > Export Specific Packets" and selected "All packets" and "Displayed", then saved to a pcapng file.

When I open the new file, it contains 688 packets, but not the TCP packets displayed by the filter. Most are not TCP packets ,and packets, and most of the IPs are not the ones I filtered out.

How do I save only the TCP Dup Ack and Retransmission packets to their own file?