This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi All,

I hope that you can help me to resolve a small issue. While using the export feature of Wireshark 1.05 -> Export Specified Packets -> K12 text file (*.txt, txt.gz), I obtained a file with non-human-readable content (sample attached below). I hope that you can help me find a way to export the Wireshark capture (layers 2-7) to a readable text / CSV file.

Thank you


asked 24 Feb '14, 12:20

yuval14
16113
accept rate: 0%


Well, it's obviously human-readable, in that you read the text and said "what the heck is this?" :-)

"Export Specified Packets" is for writing out trace files, largely in formats intended to be read by packet analyzer programs (such as tcpdump, Wireshark, Microsoft Network Monitor, etc.). Even the text forms there are largely to be read by programs such as Wireshark, not by people (well, non-highly-nerdy people, anyway; the K12 text format is produced by some network analyzers, but they largely just give raw packet data in hex).

You probably want one of the options under "Export Packet Dissections", which writes out information either for humans to look at directly (as "Plain Text" file...) or for programs expecting text input to analyze (as "CSV" (Comma Separated Values packet summary) file, as XML ("PSML" - packet summary) file, as XML ("PDML" - packet detail) file).

answered 24 Feb '14, 17:07

Guy Harris ♦♦
17.4k335196
accept rate: 19%
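
To illustrate the point that a K12 text record is only a timestamp plus the raw frame bytes in hex, here is an added example (not part of the original answer) that parses such records and decodes the Ethernet, IPv4 and TCP/UDP headers. The record layout (timestamp, `ETHER` tag, `|0` offset, pipe-separated hex bytes) and the sample frame are assumptions constructed for the example.

```python
import re
import socket
import struct

# Constructed record (not from the page): Ethernet + IPv4 + TCP headers only.
SAMPLE = (
    "+---------+---------------+----------+\n"
    "12:00:00,000,000   ETHER\n"
    "|0   |00|11|22|33|44|55|66|77|88|99|aa|bb|08|00|"
    "45|00|00|28|00|01|40|00|40|06|00|00|c0|a8|01|0a|c0|a8|01|14|"
    "c3|50|00|50|00|00|00|01|00|00|00|00|50|02|20|00|00|00|00|00|\n"
)

# Timestamp, the ETHER tag, the "|0" offset cell, then "xx|" byte cells.
RECORD = re.compile(
    r"(\d{2}:\d{2}:\d{2},\d{3},\d{3})\s+ETHER\s*\|0\s*\|((?:[0-9a-fA-F]{2}\|)+)"
)

def parse_k12_text(text):
    """Yield (timestamp, frame_bytes) for each ETHER record in the text."""
    for ts, hexrun in RECORD.findall(text):
        yield ts, bytes.fromhex(hexrun.replace("|", ""))

def summarize(frame):
    """Decode Ethernet II / IPv4 / TCP-or-UDP header fields into a dict."""
    if len(frame) < 14:
        return {"error": "truncated Ethernet header"}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    out = {"eth_dst": frame[0:6].hex(":"), "eth_src": frame[6:12].hex(":"),
           "ethertype": hex(ethertype)}
    if ethertype != 0x0800 or len(frame) < 34:
        return out  # not IPv4, or too short to hold an IPv4 header
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    out["ip_proto"] = frame[23]
    out["ip_src"] = socket.inet_ntoa(frame[26:30])
    out["ip_dst"] = socket.inet_ntoa(frame[30:34])
    l4 = 14 + ihl                          # start of the transport header
    if out["ip_proto"] in (6, 17) and len(frame) >= l4 + 4:
        out["sport"], out["dport"] = struct.unpack("!HH", frame[l4:l4 + 4])
    return out

if __name__ == "__main__":
    for ts, frame in parse_k12_text(SAMPLE):
        print(ts, len(frame), summarize(frame))
```
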

Hi, I also tried to use "Export Packet Dissections". However, while reviewing the output I couldn't find common information (e.g. HTTP cookies, HTTP security headers, etc.)

(24 Feb '14, 21:51) yuval14

Which format under "Export Packet Dissections" did you try?

HTTP cookies are in HTTP headers with the media types "Set-Cookie" and "Cookie". If you do a "Plain Text" they should show up IF the request or response actually included cookies. HTTP security headers should show up in the same fashion IF they're present.

Cookies should also show up as the "http.cookie" and "http.set_cookie" fields in XML ("PDML", not "PSML") output. Some other headers might show up in XML output as well.

The CSV output only shows packet summary information, so, if you want some field to show up in the CSV output from Wireshark, you'd have to make it into a custom column.

(25 Feb '14, 00:59) Guy Harris ♦♦
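
As an added example (not part of the original thread), the following reads a PDML export, pulls out the `http.cookie` and `http.set_cookie` fields mentioned above, and writes them as CSV rows. It goes one step beyond the comment by also listing which `Set-Cookie` values lack the `Secure` or `HttpOnly` attribute. The PDML fragment is constructed, and its layout (values in the `show` attribute, packet number in `frame.number`) is an assumption about the export.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed PDML fragment (not from the page), trimmed to the fields used here.
SAMPLE_PDML = """<pdml>
<packet>
  <proto name="frame"><field name="frame.number" show="4"/></proto>
  <proto name="http"><field name="http.cookie" show="sid=abc123; theme=dark"/></proto>
</packet>
<packet>
  <proto name="frame"><field name="frame.number" show="6"/></proto>
  <proto name="http">
    <field name="http.set_cookie" show="sid=def456; Path=/; HttpOnly"/>
    <field name="http.set_cookie" show="theme=dark; Path=/"/>
  </proto>
</packet>
</pdml>"""

def cookie_rows(pdml_text, wanted=("http.cookie", "http.set_cookie")):
    """Return (frame number, field name, value) for each wanted field."""
    rows = []
    for packet in ET.fromstring(pdml_text).iter("packet"):
        number = ""
        for field in packet.iter("field"):  # iter() also reaches nested fields
            name = field.get("name")
            if name == "frame.number":
                number = field.get("show", "")
            elif name in wanted:
                rows.append((number, name, field.get("show", "")))
    return rows

def to_csv(rows):
    """Render the rows as CSV text with a header line."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerows([("frame", "field", "value"), *rows])
    return buf.getvalue()

def missing_flags(rows, flags=("secure", "httponly")):
    """For each Set-Cookie row, list the attributes from `flags` it lacks."""
    report = []
    for number, name, value in rows:
        if name == "http.set_cookie":
            attrs = {p.strip().split("=", 1)[0].lower() for p in value.split(";")[1:]}
            cookie = value.split("=", 1)[0].strip()
            report.append((number, cookie, [f for f in flags if f not in attrs]))
    return report
```
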
question asked: 24 Feb '14, 12:20

question was seen: 34,503 times

last updated: 25 Feb '14, 00:59
