Wireshark Revealed:Essential Skills for IT Professionals
上QQ阅读APP看书,第一时间看更新

Saving, printing, and exporting data

In this recipe we will talk about file operations such as save, export, print, and others.

Getting ready

Start Wireshark or open a saved file.

How to do it...

We can save a whole file, and export specific data in various formats and file types. In the following paragraphs we will see how to do it.

To save a whole file with captured data, perform the following steps:

  1. In the File menu, click on Save (or press Ctrl + S) for saving the file with its own name.
  2. In the File menu, click on Save as (or press Shift + Ctrl + S) for saving the file with a new name.

For saving a part of a file, for example, only the displayed data:

  1. Navigate to Export Specified Packets under the File menu. You will get the following window:
  2. At the bottom-left side of the window, you will see that you can choose which part of the data you want to save.
  3. For saving all the captured data, select All packets and Captured.
  4. For saving only the displayed data, choose All packets and Displayed.
  5. For saving only selected packets from the file (a selected packet is simply a packet that you clicked on), choose Selected packet.
  6. For saving marked packets (that is, packets that were marked by right-clicking on it in the packet list window, and choosing the Marked packet toggle from the menu), choose Marked packet.
  7. For saving packets between two marked packets select the First to last marked option.
  8. For saving a range of packets, select Range and specify the range of packets you want to save.
  9. In the packet list window, you can manually choose to ignore a packet. In the Export window you can choose to ignore these packets and not save them.

In all the options mentioned, you can choose the packets from the entire captured file, or from the packets displayed on the screen (packets displayed on the packet list after a displayed filter has been applied).

Saving data in various formats

You can save the data captured by Wireshark in various formats, for further analysis with other tools.

You can save the file in the following formats:

  • Plain text (*.txt): export packet data into a plain text ASCII file.
  • PostScript (*.ps): export packet data into PostScript format.
  • Comma Separated Values: Packet Summary (*.csv): export packet summary into CSV file format, to use it with spreadsheet programs (such as Microsoft Excel).
  • C Arrays to Packet Bytes (*.c): export packet bytes into C-Arrays so that it can be imported by C programs.
  • PSML or XML Packet Summary (*.psml): export packet data into PSML, an XML-based format including only the packet summary. Further details about this format can be found at http://www.nbee.org/doku.php?id=netpdl:psml_specification.
  • PDML - XML Packet Details (*.pdml): export packet data into PDM, an XML-based format including the packet details. Further details about this format can be found at http://www.nbee.org/doku.php?id=netpdl:pdml_specification.

To save the file, select Export Packet Dissections from the File menu, and you will get the following window:

In the preceding screenshot, in the marked box on the left-hand side, you choose the packets you want to save. The process is the same as in the previous recipe. In the marked box on the right-hand side, you choose the format of the file to be saved.

How to print data

In order to print data, click on the Print button from the File menu, and you will get the following window:

In the Wireshark Print window, you have the following choices:

  • In the upper window, you choose the file format to be printed
  • In the lower-left window, you choose the packet to print (like in the Export window)
  • In the lower-right window, you choose the format of the printed data, and the data panes to print from the Wireshark window:
    • The Packet Summary pane
    • The Packet Details pane
    • The Packet Byte pane

How it works...

The data can be printed in a text format, postscript (for postscript-aware printers), or to a file. After configuring this window and clicking on print, the regular printing window will appear and you can choose the printer.