Re: reload saved stream

[Jim Aragon <Jim () agdatasystems com>]

At 05:57 AM 7/26/2012, János wrote:

>I save some streams onto disk, but when I try to reload or opened them
>with Wireshark again it complains:
>
>"  The file ..... isn't a capture file in a format Wireshark understands."
>
>Can a stream editor incorporated into the program ?  There are cases
>when I want to work only on the stream and not on the whole capture file.

You need to save the packets you're interested in 
as a .pcap or .pcapng file. Do not use Save As 
from Follow TCP stream. This saves only the data 
stream, not the actual packets with all their 
headers and other information as captured from the network.

First, apply a display filter so that only the traffic you want is shown.

In Wireshark 1.8 or later, go to File > Export 
Specified Packets. In versions of Wireshark prior to 1.8, go to File > Save As.

In either case, select the option to save only 
the displayed packets, select either the .pcap or 
.pcapng format, give the file a name, and save the file.

Jim

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe