FortiGate
vsharma
Staff
Article Id 345177
Description

This article describes how to export filtered packets from Wireshark to a new file. Capture files often contain many packets that are not of interest, so display filters are applied to show only the packets required for troubleshooting.

These filtered packets can be moved to a new file to share with the stakeholders.

Scope

FortiGate.
Solution

The example Wireshark capture has a total of 145K packets, and only the packets with IP address 10.132.4.87 are required for analysis.

To achieve this, the Wireshark filter 'ip.addr == 10.132.4.87' is applied, displaying 26K packets.

 


 

To move the displayed 26K packets to a new file, go to File -> Export Specified Packets. The dialog that appears provides an option to export only the displayed packets to a new file.

 


 

The new file will be much slimmer and easier to analyze.

To filter on both source IP and destination IP, use the filter 'ip.src == 198.168.1.2 && ip.dst == 1.1.1.1'.
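A scripted equivalent of the 'ip.addr == 10.132.4.87' export described above, useful when the same trimming must be repeated before captures are shared. This is an added example, not part of the original article or of Wireshark; it assumes a classic pcap file (not pcapng) with untagged Ethernet II frames, and the function names and the sample capture are constructed for illustration.

```python
import ipaddress
import struct

# Classic pcap magic numbers (micro- and nanosecond), mapped to struct byte order.
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
         b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}

def export_by_ip(pcap, addr):
    """Keep records matching ip.addr == addr; return (new_pcap, total, kept)."""
    want = ipaddress.IPv4Address(addr).packed
    order = MAGIC.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    out, pos, total, kept = bytearray(pcap[:24]), 24, 0, 0
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(order + "I", pcap[pos + 8:pos + 12])[0]
        end = pos + 16 + incl_len
        if end > len(pcap):
            break  # truncated final record: stop rather than copy garbage
        frame = pcap[pos + 16:end]
        total += 1
        # Untagged Ethernet II + IPv4: EtherType at 12, src/dst IP at 26 and 30.
        if (len(frame) >= 34 and frame[12:14] == b"\x08\x00"
                and want in (frame[26:30], frame[30:34])):
            out += pcap[pos:end]  # record header copied as-is, timestamps preserved
            kept += 1
        pos = end
    return bytes(out), total, kept

def _frame(src, dst):
    """Constructed sample: minimal Ethernet + IPv4 header, no payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip

def _pcap(frames):
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", i, 0, len(f), len(f)) + f
                          for i, f in enumerate(frames))

SAMPLE = _pcap([_frame("10.132.4.87", "10.0.0.1"), _frame("10.0.0.2", "10.0.0.3"),
                _frame("10.0.0.1", "10.132.4.87")])

if __name__ == "__main__":
    new_pcap, total, kept = export_by_ip(SAMPLE, "10.132.4.87")
    print(f"kept {kept} of {total} packets, {len(new_pcap)} bytes")
```

Comparing the returned total and kept counts against the packet counts Wireshark shows for the same filter is a quick check that nothing was dropped by mistake.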

 
