Does the summary line in pcap follow a specific format. I have a dump from wireshark based on only the summary line and i need to add tcp/ip analysis based on ftp/http/icmp etc. Any suggestions This question is marked "community wiki". asked 07 Aug '14, 08:50  anilkumarxceed |
One Answer:
The content of the summary line in Wireshark is specified by the highest level dissector, e.g. if you have a TCP packet with no payload the TCP dissector decides what to put in. For HTTP packets, its the HTTP dissector, etc. If you need to add more details you should just configure all columns to show what you need, and then use the "Export packet dissections" to CSV feature to save the list. answered 07 Aug '14, 08:53  Jasper ♦♦ |
