This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to print packet summary lines to a file in plain text format using WireShark2 ?

0

How can I print packet summary lines to a file in plain text format using WireShark2.0.3 ? ( I need this functionality because I have some scripts to reformat plain text format print result )

asked 28 May '16, 02:59

maimai's gravatar image

maimai
10115
accept rate: 0%

edited 28 May '16, 03:08

What do you mean by "summary line". Please add an example of output your would like.

Have you looked at tshark, the command line version of Wireshark that produces text output by default?

(28 May '16, 03:38) grahamb ♦

"Packet summary line" means a contents of packet list pane (as displayed), and I use this term because WireShark1.12's print dialog use this term. Though I know tshark can print text output , WireShark is suitable for interactive packet selection , so I prefer WireShark to tshark. (If I use tshark only for printing interesting packet , I should write filter expression twice when I want to keep Frame.Number unchanged)

(28 May '16, 18:01) maimai

One Answer:

1

In the GUI I think you're looking for the "File->Export Specified Dissections" menu item. Once there select "As Plain Text...". Then, under "Packet Format" make sure only "Summary line" is selected (this basically means de-selecting "Packet Details").

Of course, as Graham points out, tshark would be more amenable to scripting.

answered 28 May '16, 07:37

JeffMorriss's gravatar image

JeffMorriss ♦
6.2k572
accept rate: 27%

Thanks. This is what I was looking for. I was not aware of "File->Export Packet Dissections" can be used for my purpose since WireShark1.12. In WireShark1.12 , "File->Print" shows a dialog with "Printer 'as plain text' and Output to file" and I used to use this GUI. (I guess very old WireShark does not has "File->Export Packet Dissections" GUI)

(28 May '16, 17:49) maimai

Cool, glad that helped. (A bunch of functions were moved around in Wireshark 2 to, well, make more sense. But sometimes it's hard to find them.)

BTW since this appears to have answered your question please "accept" the answer by clicking on the checkbox next to the answer--that way your question won't show up in the list of unanswered questions, for example.

(28 May '16, 18:10) JeffMorriss ♦