If I have a large pcap file that was created with tcpdump and then I open it in Wireshark and using filters I find the frames I am interested in, then I want to export these frames to a new pcap file, but the Export File function doesn't allow to save as type 'pcap'. Is this possible somehow? asked 30 Jul '12, 01:00  steinboy |
One Answer:
Which version of Wireshark is this? In Wireshark 1.8.0 and later, the function you want is "Export Specified Packets" in the "File" menu. Select "Marked packets only" (if you mean marked packets rather than, say, displayed packets). In earlier versions of Wireshark, that is somewhat confusingly done in "Save As" in the "File" menu. Again, select "Marked packets only". answered 30 Jul '12, 01:54  Guy Harris ♦♦ |
Hi, thank you for your quick response. It is version 1.2.2., and yes, I assumed it to be in the Export menu, didn't think of looking in Save As, and my usual google search didn't bring any clues, so thankyou very much for the solution.