This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Copy to notepad

2

Hi,

If I want to copy multiple rows to a text file, holding Ctrl or Shift doesn't work. What is the easiest way to copy specific rows to a text file?

asked 16 Jul '12, 04:43

Ivan
31224
accept rate: 0%


One Answer:

1

Mark the packets (CTRL-M) you need, then print them to a text file:

File -> Print -> Plain Text

Select the following options:

  • Output to file (e.g. wireshark.out)
  • Marked packets only (Packet range)
  • Packet summary line (Packet Format)

Then open the output file in an editor.

Alternatively, you can use tshark

tshark -r input.cap -T fields -e ip.src -e ip.dst -e <whatever_field_you_like> -E header=y -E separator=";"

See tshark -G for a list of available fields. You can also select in Wireshark and it will show the field name in the status line at the bottom (TCP Source Port - tcp.srcport)

Regards
Kurt

answered 16 Jul '12, 05:06

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Works fine. But is that really the "easiest way"? That would be ridiculous, why can't you just select everything (with something like ctrl+a, shift+arrows, mouse, ...) and press ctrl+c?

(20 Dec '12, 12:30) BeniBela

why can't you just select everything (with something like ctrl+a, shift+arrows, mouse, ...) and press ctrl+c?

because it is not yet implemented ;-)

(20 Dec '12, 12:45) Kurt Knochner ♦

And implementing it isn't trivial.

(20 Dec '12, 23:39) Anders ♦

@Anders: But it looks like a trivial GUI thingy

(21 Dec '12, 08:34) BeniBela

It's probably 'easy' for the currently selected packet, as there is already such a function, just not available via CTRL-C (Windows).

right click -> Copy -> Summary (Text)

That's not the full packet detail, but that could be made a configurable option. So, implementing that would be 'quite easy'.

However: I don't know how hard it would be to implement 'multi-select' in the packet list view?

Can anyone of the GTK experts please jump in?

(21 Dec '12, 09:43) Kurt Knochner ♦

@Anders: But it looks like a trivial GUI thingy

Feel free to implement it :-)

(21 Dec '12, 13:57) Anders ♦

I know this is an older post but I was wondering if anyone had found a workaround to the hours spent:

  • Right-click
  • Copy
  • ...as Printable Text

...when you have hundreds (maybe thousands) of packets to copy as printable text and dump into a text editor. Thanks

(04 Jan '17, 10:06) Lars

Have you tried:

File / Export Packet Dissections / as "Plain Text" File

(04 Jan '17, 11:26) Amato_C

I did try that, and print as plain text. The problem is that it is SNMP and I do not need the SNMP long-form OID info that it displays. I need the Human Readable Alarm Data that is shown when you right-click on a packet, Copy, ....as Printable Text.

Here is what printing packet dissections of 49 sorted packets produces...I just show one:

No.     Time                          Source                Destination           Protocol Length Info
   3440 2016-12-05 11:41:17.652442    sourceipaddr          destipaddr             SNMP     571    snmpV2-trap 1.3.6.1.2.1.1.3.0 1.3.6.1.6.3.1.1.4.1.0 1.3.6.1.4.1.562.29.6.2.1 1.3.6.1.4.1.562.29.6.2.2 1.3.6.1.4.1.562.29.6.2.3 1.3.6.1.4.1.562.29.6.1.1.1.1 1.3.6.1.4.1.562.29.6.1.1.1.2 1.3.6.1.4.1.562.29.6.1.1.1.3 1.3.6.1.4.1.562.29.6.1.1.1.4 1.3.6.1.4.1.562.29.6.1.1.1.5 1.3.6.1.4.1.562.29.6.1.1.1.6 1.3.6.1.4.1.562.29.6.1.1.1.7 1.3.6.1.4.1.562.68.11.1.1.1 1.3.6.1.4.1.562.68.11.1.1.2 1.3.6.1.4.1.562.68.11.1.1.3 1.3.6.1.4.1.562.68.11.1.1.4 1.3.6.1.4.1.562.68.11.1.1.6 1.3.6.1.6.3.1.1.4.3.0
Frame 3440: 571 bytes on wire (4568 bits), 571 bytes captured (4568 bits) on interface 0
Ethernet II, Src: CiscoInc_af:97:01 (a8:0c:0d:af:97:01), Dst: Microsof_0e:23:0d (00:15:5d:0e:23:0d)
Internet Protocol Version 4, Src: 10.3.148.211, Dst: 10.64.14.133
User Datagram Protocol, Src Port: 1097, Dst Port: 162
Simple Network Management Protocol

Doing a Right-Click, Copy, ...as Printable Text, and then pasting into NotePad++, produces this:

]#
E-:H~D
@I 0
sysadmin00+CVH0
+
+2.0+20+2)0-+2Optical Channel Power Transmit0
+20
+200g
+2VNODE11:CHMON-1-2-7-153504,OPT-OCH,NEND,TRMT,0000,000000,-17.60,000006,1-UNT,NA,1535.040
+2NA0
+2NA0
+20
+20+2D0+2D0+2DNODE110[email protected]
0+2D0
 + +2D

I need the 4th and 7th lines in this output, although it is not always in the same line. I have thousands of packets to parse and capture in this way and strip away what I will call "the noise" and then use that data. Just the ability to perform a mass copy as printable text and dump into Notepad would save me a great deal of time.

(04 Jan '17, 12:24) Lars

All the recent "answers" have been converted to comments as that's how this site works. Please read the FAQ for more information.

@Lars,

Attempting to parse Wireshark dissection of SNMP traffic seems to be an awfully long-winded way of going about this. Why not use an SNMP application to issue the specific SNMP requests you require and output the returned data in the format you require?

(05 Jan '17, 03:16) grahamb ♦
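
Added example (not code from any poster in this thread or from Wireshark): a Python approximation of a bulk "Copy ... as Printable Text" over every frame of a capture, keeping only the readable runs and optionally only those matching a pattern, as asked about in the comments above. It assumes the capture is saved in classic pcap format (not pcapng); the function names, the 6-character minimum run and the sample frames are constructed for illustration.

```python
import re
import struct

MIN_RUN = 6  # assumption: shortest printable run worth keeping

def read_pcap(blob):
    """Yield (frame_number, raw_bytes) from a classic libpcap file (not pcapng)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(blob[:4])
    if endian is None:
        raise ValueError("not classic pcap; save the capture in pcap format first")
    offset, number = 24, 0                      # skip the 24-byte global header
    while offset + 16 <= len(blob):
        incl_len = struct.unpack_from(endian + "IIII", blob, offset)[2]
        offset += 16                            # per-record header
        if offset + incl_len > len(blob):
            break                               # truncated final record
        number += 1
        yield number, blob[offset:offset + incl_len]
        offset += incl_len

def printable_runs(raw, min_run=MIN_RUN):
    """Return runs of printable ASCII at least min_run bytes long."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_run
    return [m.group().decode("ascii") for m in re.finditer(pattern, raw)]

def copy_as_printable_text(blob, keep=None):
    """Return 'frame<TAB>text' lines; keep is an optional regex filter."""
    want = re.compile(keep) if keep else None
    return [f"{number}\t{text}"
            for number, raw in read_pcap(blob)
            for text in printable_runs(raw)
            if want is None or want.search(text)]

def sample_pcap():
    """Constructed two-frame capture; the payloads are made up, not real SNMP."""
    frames = [
        b"\x00\x15\x5d\x0e\x04\x1eOptical Channel Power Transmit\x04\x81"
        b"NODE11:CHMON-1-2-7,OPT-OCH,NEND,TRMT,-17.60\x04\x02NA",
        b"\x30\x82\x01\x02\x04\x08sysadmin\x04\x10Loss Of Signal 7\x00",
    ]
    blob = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for frame in frames:
        blob += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return blob

if __name__ == "__main__":
    print("\n".join(copy_as_printable_text(sample_pcap(), keep=r"^NODE\d+:")))
```

For a real capture, pass the file's bytes (`open(path, "rb").read()`) instead of `sample_pcap()` and write the returned lines to a text file.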