This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Live TCP stream capture to a file

0

Is there a way to have Wireshark capture a live TCP stream and send that stream to a file when the stream is closed? I'm fairly new to Wireshark and have not been able to accomplish this task.

asked 26 Mar '13, 17:47

pgfdbug
11112
accept rate: 0%

edited 26 Mar '13, 17:49


One Answer:

0

Wireshark always captures to file until you stop the capture. If you know what IP and ports the TCP connection is using, you could create a capture filter to only capture that communication to file.

If this is not helping you, you should probably edit your question to make it more specific. What "stream" do you need to capture and what do you want to accomplish?

answered 26 Mar '13, 19:44

Jasper ♦♦
23.8k551284
accept rate: 18%

I am looking to have Wireshark monitor a designated port and IP. When new traffic is detected I want to write that info to a file until the end of file is detected. I want a new file created every time new traffic is detected. Is this possible with Wireshark?

(27 Mar '13, 13:23) pgfdbug

That would require some trigger based capture mechanism, and Wireshark doesn't have that kind of thing. You need to have a capture running to extract data from afterwards. Unfortunately you can't create single files based on events.

(27 Mar '13, 13:35) Jasper ♦♦

Thank you for your answer.

(28 Mar '13, 11:56) pgfdbug
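
The approach from the answer and comments above (leave one capture running on the known IP and port, then extract data from it afterwards) can be finished outside Wireshark by splitting the saved capture into one file per TCP connection. This is an added example, not part of the original thread: the names `split_by_connection` and `_rec` are hypothetical, the input is assumed to be a classic little-endian pcap with Ethernet framing, and the sample packets and 192.0.2.x addresses are constructed.

```python
import struct

# Classic pcap global header: little-endian, microsecond timestamps, Ethernet (assumed)
PCAP_HDR = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

def split_by_connection(pcap, host, port):
    """Return {file name: pcap bytes}, one entry per TCP connection to host:port."""
    if pcap[:4] != PCAP_HDR[:4]:
        raise ValueError("only little-endian classic pcap is handled here")
    out, seen, off = {}, {}, 24
    while off + 16 <= len(pcap):
        rec = pcap[off:off + 16]
        incl = struct.unpack("<I", rec[8:12])[0]  # captured length of this frame
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 + TCP over Ethernet
        tcp = 14 + (frame[14] & 0x0F) * 4  # TCP header offset (IP options allowed)
        if len(frame) < tcp + 14:
            continue  # truncated before the TCP flags byte
        src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
        sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
        if (host, port) not in ((src, sport), (dst, dport)):
            continue  # some other conversation
        key = tuple(sorted([(src, sport), (dst, dport)]))  # same key both directions
        if (frame[tcp + 13] & 0x12) == 0x02:  # SYN without ACK: a new connection
            seen[key] = seen.get(key, 0) + 1
        seen.setdefault(key, 1)  # capture began mid-connection
        (a, ap), (b, bp) = key
        name = f"{a}_{ap}-{b}_{bp}-{seen[key]}.pcap"
        out[name] = out.get(name, PCAP_HDR) + rec + frame
    return out

def _rec(src, sport, dst, dport, flags, payload=b""):
    """Constructed pcap record: Ethernet/IPv4/TCP frame, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

C, S = ("192.0.2.10", 40000), ("192.0.2.1", 9000)  # constructed documentation addresses
SAMPLE = PCAP_HDR + b"".join([
    _rec(*C, *S, 0x02), _rec(*S, *C, 0x12), _rec(*C, *S, 0x18, b"first"),
    _rec(*C, *S, 0x11),
    _rec("192.0.2.10", 40001, "192.0.2.1", 80, 0x02),  # unrelated port, dropped
    _rec(*C, *S, 0x02), _rec(*C, *S, 0x18, b"second"),  # same 4-tuple, new connection
])
```

Writing each returned value to a file named by its key gives one capture file per connection that Wireshark can open. In this simplified version a retransmitted SYN is counted as the start of a new connection.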