Technical Tip: How to export filtered (displayed) packets to a new Wireshark file
| Description | This article describes how to export filtered packets from Wireshark to a new file. Capture files often contain many packets that are not of interest, so display filters are applied to show only the packets required for troubleshooting. These filtered packets can be exported to a new file to share with stakeholders. |
| Scope | FortiGate. |
| Solution | The Wireshark file in this example has a total of 145K packets, and only the packets with IP address 10.132.4.87 are required for analysis. To achieve this, the Wireshark filter 'ip.addr == 10.132.4.87' is applied, displaying 26K packets.
To move the displayed 26K packets to a new file, go to File -> Export Specified Packets. The menu that appears provides an option to export only the displayed packets to a new file.
The new file will be much slimmer and easier to analyze. To filter on both source IP and destination IP, use the filter 'ip.src == 198.168.1.2 && ip.dst == 1.1.1.1'.
|
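A scripted equivalent of the export described above, as an added example that is not part of the original article: it copies only the packets to or from one IPv4 address from a classic pcap file into a new one. The function names and the three-packet sample capture are constructed for illustration. It assumes Ethernet captures, does not read pcapng, and checks only the outer IPv4 header.

```python
import socket
import struct

# Classic pcap magic numbers (microsecond and nanosecond) mapped to byte order.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def ipv4_matches(frame: bytes, wanted: bytes) -> bool:
    """True if the frame's outer IPv4 source or destination equals wanted."""
    off = 16 if frame[12:14] == b"\x81\x00" else 12   # skip one 802.1Q tag
    ip = frame[off + 2:]
    return frame[off:off + 2] == b"\x08\x00" and len(ip) >= 20 \
        and wanted in (ip[12:16], ip[16:20])

def export_ip_addr(pcap: bytes, ip: str):
    """Return (new_pcap, total, kept) keeping only packets to or from ip."""
    endian = MAGICS.get(pcap[:4])
    if endian is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    wanted = socket.inet_aton(ip)
    out, pos, total, kept = bytearray(pcap[:24]), 24, 0, 0
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[pos + 8:pos + 12])[0]
        end = pos + 16 + incl_len
        if end > len(pcap):
            break                      # truncated final record, stop cleanly
        total += 1
        if ipv4_matches(pcap[pos + 16:end], wanted):
            out += pcap[pos:end]       # copy record header and data unchanged
            kept += 1
        pos = end
    return bytes(out), total, kept

def sample_capture() -> bytes:
    """Constructed three-packet Ethernet capture used for the demo."""
    def frame(src, dst):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        return bytes(12) + b"\x08\x00" + ip
    frames = [frame("10.132.4.87", "1.1.1.1"), frame("192.0.2.9", "192.0.2.10"),
              frame("1.1.1.1", "10.132.4.87")]
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(
        struct.pack("<IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(frames))

if __name__ == "__main__":
    print(export_ip_addr(sample_capture(), "10.132.4.87")[1:])  # (total, kept)
```

To use it on a real capture, read the file in binary mode, pass the bytes to `export_ip_addr`, and write the returned bytes to a new file.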



