Is there a way to have Wireshark capture a live TCP stream and send that stream to a file when the stream is closed? I'm fairly new to Wireshark and have not been able to accomplish this task.
asked 26 Mar '13, 17:47 pgfdbug (edited 26 Mar '13, 17:49)
One Answer:
Wireshark always captures to file until you stop the capture. If you know what IP and ports the TCP connection is using, you could create a capture filter to only capture that communication to file. If this is not helping you, you should probably edit your question to make it more specific. What "stream" do you need to capture and what do you want to accomplish?
answered 26 Mar '13, 19:44 Jasper ♦♦
I am looking to have Wireshark monitor a designated port and IP. When new traffic is detected I want to write that info to a file until the end of file is detected. I want a new file created every time new traffic is detected. Is this possible with Wireshark?
That would require some trigger-based capture mechanism, and Wireshark doesn't have that kind of thing. You need to have a capture running to extract data from afterwards. Unfortunately you can't create single files based on events.
Thank you for your answer.
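The answer's "capture first, extract afterwards" approach can be scripted. The following is an added example, not code from the posters or from Wireshark: it splits a finished capture into one pcap per TCP connection, starting a new file at each SYN. It assumes a classic little-endian pcap with untagged Ethernet/IPv4 frames; the function names and sample addresses are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

# Classic pcap global header: little-endian, microsecond stamps, Ethernet link type.
PCAP_HDR = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

def split_by_connection(pcap: bytes) -> dict:
    """Return {(endpoint_a, endpoint_b, n): pcap_bytes}, one entry per TCP connection."""
    if pcap[:4] != PCAP_HDR[:4]:
        raise ValueError("expected little-endian classic pcap")
    out, count, off = {}, defaultdict(int), 24
    while off + 16 <= len(pcap):
        rec = pcap[off:off + 16]
        incl = struct.unpack("<I", rec[8:12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        # Keep untagged IPv4/TCP only (assumption: no VLAN tags, no IPv6).
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 14:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        pair = tuple(sorted([(socket.inet_ntoa(frame[26:30]), sport),
                             (socket.inet_ntoa(frame[30:34]), dport)]))
        if tcp[13] & 0x12 == 0x02:   # SYN without ACK opens a new connection
            count[pair] += 1         # packets seen before any SYN stay in file n=0
        out.setdefault(pair + (count[pair],), bytearray(PCAP_HDR)).extend(rec + frame)
    return {k: bytes(v) for k, v in out.items()}

def frame(src, dst, sport, dport, flags, payload=b""):
    """Constructed sample frame: Ethernet/IPv4/TCP, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def sample_capture() -> bytes:
    """Constructed capture: two connections on one port pair, then a third client."""
    c, s = "10.0.0.5", "10.0.0.9"
    flow = lambda p: [frame(c, s, p, 8080, 0x02), frame(s, c, 8080, p, 0x12),
                      frame(c, s, p, 8080, 0x18, b"hello"), frame(c, s, p, 8080, 0x11)]
    frames = flow(40000) + flow(40000) + flow(40001)
    return PCAP_HDR + b"".join(struct.pack("<IIII", i, 0, len(f), len(f)) + f
                               for i, f in enumerate(frames))

if __name__ == "__main__":
    for key, data in split_by_connection(sample_capture()).items():
        print(key, len(data), "bytes")
```

Each returned value is itself a valid pcap that can be written to disk and opened in Wireshark. Connection boundaries are inferred from SYN packets only, so a capture that starts mid-connection puts those packets in the `n=0` file for that endpoint pair.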