This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark Release 2.2.1 and 2.1.0 export csv problem

0

Hi, I was using wireshark 1.11.2 version and when i try to save data to CSV file, it crashed. I installed version 2.2.1 and later 2.1.0. It does not crash now but this time,when i chose File -> Export Packet Dissections -> As "CSV" and then checking the "Packet bytes", i can not see any byte information on CSV file. It records just headings. Should i do anything else to see bytes? or these versions also have a bug about that.

And Also i have a dissector to use interpret my own protocol. I want to see interpretted data on CSV. Is that possible? Thank you.

asked 26 Oct '16, 06:46

saniye's gravatar image

saniye
6112
accept rate: 0%


One Answer:

0

I've just double-checked, the File -> Export Packet Dissections -> As CSV... only exports the information shown in the packet list pane. So by adding some packet fields as custom columns of the packet list, you can have them saved as csv, but to my knowledge packet bytes cannot be referred to as a field of the frame "protocol". The settings controlling the output contents in the generic "Export Packet Dissections" are largely ignored for Export as CSV.

As for the other part of your question, if your own dissector is written properly and creates proper protocol fields into the dissection tree rather than just text labels, then these fields are handled the same way as the fields generated by any "embedded" dissector. So you can use them in display filters, make them columns in packet list, ask tshark to print them using the -T fields -e field_name command line parameters, they are exported into the PDML format, etc.

answered 26 Oct '16, 13:24

sindy's gravatar image

sindy
6.0k4851
accept rate: 24%

@saniye, just to make sure the info reaches you, your comment hasn't vanished spontaneously from the other Question, I've removed it from there as you've properly replaced it with this Question.

(26 Oct '16, 13:28) sindy