I have sorted my 822 MB pcap file by source IP address in ascending order using Wireshark (I tried with tshark on command line, using |sort, but nothing would happen, stalled, had to ^C). Bt now I need to save that sorted display to another pcap file for further filtering. I tried Export>Specified Packets ,and Export>Packet Dissections, and both save the original file, the unsorted one. How can I save this sorted display? Thank you.
asked 19 Nov '16, 22:33
One (slow) way to obtain that goal would be to use scripting. The suggestion below is not tested so you'll probably have to debug it.
At first pass, you'd obtain the list of all source addresses occurring in the capture file, something like:
and prepare an empty pcap file to merge the rest with:
Next, you would use a "foreach" cycle over the list:
answered 20 Nov '16, 01:20