The File menu option "Export Selected Packet Bytes..." is NOT enabled. What do I need to do to enable it?

asked 11 Feb '14, 06:31 bundgaj
edited 11 Feb '14, 07:38 Kurt Knochner ♦
One Answer:
From the manual: http://www.wireshark.org/docs/wsug_html_chunked/ChIOExportSection.html
As soon as you select some bytes in the 'Packet Bytes' pane, the menu item will be enabled.

Regards

answered 11 Feb '14, 06:41 Kurt Knochner ♦

Thanks. What I really want to do is to export only the headers from the pcap file. How do I do that? (11 Feb '14, 06:56) bundgaj

It depends on what you mean by "headers from the pcap file"... I guess the following should be O.K. for you.
Then take a look at the "Packet Format" option. Additionally, you can use tshark to extract whatever 'protocol field' you need.
See the Display filter reference for all available fields. (11 Feb '14, 07:01) Kurt Knochner ♦

The pcap file has a variety of encapsulations: UDP, TCP, L3 only... I'd like to export the entire pcap file without any of the 'payload data'. (11 Feb '14, 07:06) bundgaj

In what form do you want to export it? Do you need a new pcap file, just without the payload (like for anonymization), or do you need a text representation of the dissected headers, just without the payload? (11 Feb '14, 07:13) Kurt Knochner ♦

A new pcap file. (11 Feb '14, 07:20) bundgaj

Ah, then you need a tool to anonymize the file. One of the best tools available is TraceWrangler from @Jasper. There are other tools as well, just google for: 'pcap anonymizer' or 'pcap anonymization'. You can also use editcap to cut off the frames at a certain position.
(11 Feb '14, 07:21) Kurt Knochner ♦
This problem exists in both 1.10.5 and 1.11.2
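
For the case discussed in the comments above (a new pcap file without payload data, from a capture with mixed encapsulations), here is an added example that is not from the thread or from any of the tools named in it. It cuts each frame after its own Ethernet, IPv4 and TCP/UDP headers instead of at one fixed position. The function names are hypothetical, and it assumes a classic pcap file (not pcapng) with untagged Ethernet framing; anything it does not recognise, including IPv6 and VLAN-tagged frames, is cut down to the Ethernet header.

```python
import struct

ETH = 14  # Ethernet II header length

def header_len(pkt):
    """Bytes to keep: Ethernet + IPv4 + TCP/UDP headers, nothing after them."""
    if len(pkt) < ETH + 20 or pkt[12:14] != b"\x08\x00":
        return min(len(pkt), ETH)            # not IPv4: fail closed, keep L2 only
    ihl = (pkt[ETH] & 0x0F) * 4
    if ihl < 20:
        return ETH                           # malformed IPv4 header
    l4 = ETH + ihl
    frag_off = struct.unpack("!H", pkt[ETH + 6:ETH + 8])[0] & 0x1FFF
    proto = pkt[ETH + 9]
    if frag_off == 0 and proto == 17:        # UDP: fixed 8-byte header
        l4 += 8
    elif frag_off == 0 and proto == 6 and len(pkt) >= l4 + 13:
        l4 += (pkt[l4 + 12] >> 4) * 4        # TCP: data offset, options included
    return min(len(pkt), l4)                 # other protocols/fragments: L3 only

def strip_payload(data):
    """Return a copy of a classic pcap file with every frame cut after its headers."""
    if data[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        end = "<"                            # little-endian, usec or nsec stamps
    elif data[:4] in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        end = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET (1) is handled")
    out, pos = bytearray(data[:24]), 24
    while pos + 16 <= len(data):
        sec, frac, incl, orig = struct.unpack(end + "4I", data[pos:pos + 16])
        pkt = data[pos + 16:pos + 16 + incl]
        keep = pkt[:header_len(pkt)]
        # incl_len shrinks, orig_len keeps the on-wire size (as a snaplen cut would)
        out += struct.pack(end + "4I", sec, frac, len(keep), orig) + keep
        pos += 16 + incl
    return bytes(out)

def sample_pcap():
    """Constructed input: one UDP and one TCP frame, each carrying b'SECRET'."""
    eth = bytes(12) + b"\x08\x00"
    ip = lambda proto: b"\x45" + bytes(8) + bytes([proto]) + bytes(10)
    udp = eth + ip(17) + bytes(8) + b"SECRET"
    tcp = eth + ip(6) + bytes(12) + b"\x50" + bytes(7) + b"SECRET"
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<4I", 0, 0, len(p), len(p)) + p for p in (udp, tcp))
```

Addresses, ports and sequence numbers stay in the output, so this removes payload only and is not a full anonymization of the trace.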