Hi, once I have spotted the relevant data in a capture (actually Referer lines in http GET requests), how could I get them into a file? When I click http, and then the line, it gets highlighted in the hexdump. Idid not find a way how I could copy that line and paste it into a text document asked 16 Mar '12, 22:49  Wurzelsepp |
One Answer:
Find the Referer line in the Packet Details pane, not the Packet Bytes (hexdump) pane. Highlight the line, right-click, and select Copy > Description or Copy > Value, then paste it into your text document. Copy > Description will give you something like: Referer: http://ask.wireshark.org/questions/\r\n Copy > Value will give you something like: http://ask.wireshark.org/questions/ answered 16 Mar '12, 23:41  Jim Aragon |
it seems I have no luck on that ... using a linux system with 2.6.27 kernel I have tried with both targets that read primary selection and targets that handle clipboard
(The kernel is not involved with copy-and-paste beyond implementing interprocess communication, so the kernel version doesn't matter here.)
Wireshark built from a reasonably recent checkout from the SVN trunk, on Ubuntu 10.10, using the GLib and GTK+ installed as part of the system (GTK+ 2.22.0 and GLib 2.26.1) is able to copy with Copy -> Description and Copy -> Value and I can paste what's copied into a gedit document.
Wireshark doesn't, as far as I know, explicitly support setting the primary selection, so paste-current-selection may not work, but copying to the clipboard appears to work.
Hi,
thanks for responding. In the end I found that export as text and grepping out the relevant lines did the job very vell
btw: this is wireshark as deployed on Suse 11.4: Compiled with GTK+ 2.14.4, with GLib 2.18.2, with libpcap 0.9-PRE-CVS, with libz 1.2.3, without POSIX capabilities, with libpcre 7.8, without SMI, with ADNS, without Lua, without GnuTLS, without Gcrypt, with MIT Kerberos, without PortAudio, without AirPcap.
Running on Linux 2.6.27.7-9-default, with libpcap version 0.9-PRE-CVS.