Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

5.6. Exporting data
Prev Chapter 5. File Input / Output and Printing Next

5.6. Exporting data

Wireshark provides several ways and formats to export packet data. This section describes general ways to export data from Wireshark.

[Note] Note!

There are more specialized functions to export specific data, which will be described at the appropriate places.

XXX - add detailed descriptions of the output formats and some sample output, too.

5.6.1. The "Export as Plain Text File" dialog box

Export packet data into a plain ASCII text file, much like the format used to print packets.

Figure 5.11. The "Export as Plain Text File" dialog box

The "Export as Plain Text File" dialog box

5.6.2. The "Export as PostScript File" dialog box

Export packet data into PostScript, much like the format used to print packets.

[Tip] Tip!

You can easily convert PostScript files to PDF files using ghostscript. For example: export to a file named foo.ps and then call: ps2pdf foo.ps

Figure 5.12. The "Export as PostScript File" dialog box

The "Export as PostScript File" dialog box

5.6.3. The "Export as CSV (Comma Separated Values) File" dialog box

XXX - add screenshot

Export packet summary into CSV, used e.g. by spreadsheet programs to im-/export data.

5.6.4. The "Export as C Arrays (packet bytes) file" dialog box

XXX - add screenshot

Export packet bytes into C arrays so you can import the stream data into your own C program.

5.6.5. The "Export as PSML File" dialog box

Export packet data into PSML. This is an XML based format including only the packet summary. The PSML file specification is available at: https://www.nbee.org/doku.php?id=netpdl:psml_specification.

Figure 5.13. The "Export as PSML File" dialog box

The "Export as PSML File" dialog box

There's no such thing as a packet details frame for PSML export, as the packet format is defined by the PSML specification.

5.6.6. The "Export as PDML File" dialog box

Export packet data into PDML. This is an XML based format including the packet details. The PDML file specification is available at: https://www.nbee.org/doku.php?id=netpdl:pdml_specification.

[Note]

The PDML specification is not officially released and Wireshark's implementation of it is still in an early beta state, so please expect changes in future Wireshark versions.

Figure 5.14. The "Export as PDML File" dialog box

The "Export as PDML File" dialog box

There's no such thing as a packet details frame for PDML export, as the packet format is defined by the PDML specification.

5.6.7. The "Export selected packet bytes" dialog box

Export the bytes selected in the "Packet Bytes" pane into a raw binary file.

Figure 5.15. The "Export Selected Packet Bytes" dialog box

The "Export Selected Packet Bytes" dialog box

  • Name: the filename to export the packet data to.

  • The Save in folder: field lets you select the folder to save to (from some predefined folders).

  • Browse for other folders provides a flexible way to choose a folder.

5.6.8. The "Export Objects" dialog box

This feature scans through HTTP streams in the currently open capture file or running capture and takes reassembled objects such as HTML documents, image files, executables and anything else that can be transferred over HTTP and lets you save them to disk. If you have a capture running, this list is automatically updated every few seconds with any new objects seen. The saved objects can then be opened with the proper viewer or executed in the case of executables (if it is for the same platform you are running Wireshark on) without any further work on your part. This feature is not available when using GTK2 versions below 2.4.

Figure 5.16. The "Export Objects" dialog box

The "Export Objects" dialog box

Columns:

  • Packet num: The packet number in which this object was found. In some cases, there can be multiple objects in the same packet.

  • Hostname: The hostname of the server that sent the object as a response to an HTTP request.

  • Content Type: The HTTP content type of this object.

  • Bytes: The size of this object in bytes.

  • Filename: The final part of the URI (after the last slash). This is typically a filename, but may be a long complex looking string, which typically indicates that the file was received in response to a HTTP POST request.

Buttons:

  • Help: Opens this section in the user's guide.

  • Close: Closes this dialog.

  • Save As: Saves the currently selected object as a filename you specify. The default filename to save as is taken from the filename column of the objects list.

  • Save All: Saves all objects in the list using the filename from the filename column. You will be asked what directory / folder to save them in. If the filename is invalid for the operating system / file system you are running Wireshark on, then an error will appear and that object will not be saved (but all of the others will be).

Prev Up Next
5.5. File Sets Home 5.7. Printing packets

 
 
  Published under the terms fo the GNU General Public License Design by Interspire