Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Why do JSON and PDML exports have different data from the same session?

I am new to Wireshark. I filtered my captured packet traffic to an IP address associated with an HTTPS site I control. When exporting this data, I tried exporting it to .csv, .json, .pdml, etc.

Why do the contents of these files differ despite exporting the same data? For example, the PDML file contains information from the "info" column, which seems like a user-friendly column that summarizes the purpose of that packet. For example, "Client Hello" or "Application Data." This same information is absent from the .json file. Why is that the case? What other information is included in the .PDML but not in the .JSON, and vice versa?

I could not find any documentation for these differences and it is difficult to manually parse any patterns.