how pcapng could be save to another file?


Hello, do anyone know to deal with it?

I have a captured *.pcapng file and it has lots of data. I hope to filter specified port's log to another pacapng file in command line. Could it be possible?

If Wireshark/tshark does not provide this method, whether it is possible to complete it with lua?

Thanks a lot.

You can certainly do that with Wireshark. Load the file, apply a display filter to select only those packets you are interested in, then save the file selecting to save only those frames shown.

Thank you Jaap. But what I will filter is volume data and thousands of files. I could not operate this way one by one. So I need a way in command line.

The command line tool is called tshark, the manual is here.

In short, you would use

tshark -r original_pcapng_to_be_filtered -Y "your_display_filter_expression" -w filtered_pcapng_file_to_be_written.

You'll use a script to provide the input and output file names.

