Wireshark mailing list archives
Re: saving traces as simple ASCII file
From: Guy Harris <guy () alum mit edu>
Date: Sat, 31 Oct 2009 00:48:29 -0700
On Oct 30, 2009, at 8:45 PM, Edward Peschko wrote:
> I'm trying to work with Wireshark, and was wondering exactly how you save a trace as a simple text file, i.e.: a textual representation of what you see with the Wireshark GUI app, along with an ASCII representation of the packets being transferred. Looking at the file types that you can save, I don't see anything remotely like this. What am I missing?

The fact that 1) "saving" generally means "saving with no (or little) information loss", and saving a text version of the packet isn't that and 2) that might be called "printing" or "exporting"?

Try Export -> as Plain Text File... instead.

But what do you mean by "ASCII representation of the packets being transferred"? The only ASCII representations we offer are

1) the summary line - which you see with the Wireshark GUI app, in the packet list (the topmost pane, by default);

2) the detailed dissection - which you see with the Wireshark GUI app, in the packet detail (the middle pane, by default);

3) the hex dump of the raw packet data - which you see with the Wireshark GUI app, in the hex dump (the bottommost pane, by default);

so there's no ASCII representation that you *don't* "see with the Wireshark GUI app".

The Export -> as Plain Text File dialog lets you choose which of 1), 2), or 3) you want to see (you can see more than one of them in the resulting text file - "Packet summary line", "Packet details", and "Packet bytes").

> ps - how do you filter packets by an ascii string, again, without regard to either the metadata or the contents of the packets?

A filter that takes into account neither the metadata nor the contents of the packet cannot exist - everything you see in the display comes either from the metadata or the contents.

You can filter on the raw contents of the packet containing a particular ASCII string with, for example:

    frame contains "ab"

which will show all frames that have an "a" followed by a "b".

There is, as far as I know, no way to match all frames where the Info column, or the dissection, contains a particular string (there is no inherent reason for that, as the "Find" operation can find packets of that sort; there's just no pseudo-field in display filters corresponding to the Info column or to the packet details).
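
Added example, not part of the original message and not Wireshark's own code: a Python sketch of what a raw-content match like frame contains "ab" amounts to, together with a hex dump of the matching frame's bytes. The function names and the sample capture are assumptions constructed for illustration; only the classic microsecond-resolution pcap format is parsed.

```python
import struct

def build_pcap(frames):
    """Build a classic little-endian pcap byte string (constructed sample data)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, data in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(data), len(data)) + data
    return out

def read_frames(pcap):
    """Yield (frame_number, raw_bytes) for each record in a classic pcap byte string."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    offset, number = 24, 1                      # 24-byte global header; frames count from 1
    while offset + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "IIII", pcap, offset)[2]
        offset += 16
        if offset + incl_len > len(pcap):
            raise ValueError("truncated packet record")
        yield number, pcap[offset:offset + incl_len]
        offset += incl_len
        number += 1

def frames_containing(pcap, needle):
    """Frame numbers whose raw bytes contain needle (byte-wise, case-sensitive)."""
    return [n for n, data in read_frames(pcap) if needle in data]

def hex_dump(data):
    """Offset, hex bytes and printable ASCII, 16 bytes per line."""
    lines = []
    for off in range(0, len(data), 16):
        chunk = data[off:off + 16]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:04x}  {hexpart:<47}  {text}")
    return "\n".join(lines)

# Constructed sample capture: 14 zero bytes stand in for an Ethernet header.
SAMPLE = build_pcap([
    b"\x00" * 14 + b"GET /abc HTTP/1.1\r\n",   # "a" directly followed by "b"
    b"\x00" * 14 + b"a\x00b",                   # "a" and "b" not adjacent
    b"\x00" * 14 + b"AB in upper case",         # different bytes than "ab"
])

if __name__ == "__main__":
    for n, data in read_frames(SAMPLE):
        if b"ab" in data:
            print(f"Frame {n}\n{hex_dump(data)}")
```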