54

I applied a filter in wireshark to display only the incoming packets to my PC. When I save the filtered/displayed packets to a .csv file, I actually saves all the packets (un-filtered). How can I save only the displayed/filtered packets?

user846400
  • 1,061
  • 1
  • 17
  • 25

1 Answers1

79

Exporting data
Just select Displayed in the Packet Range frame.

Note that with newer builds of Wireshark for Windows, this is available only with "Export Specified Packets", not with "Save" or "Save as" options.

PypeBros
  • 2,607
  • 24
  • 37
  • Actually, if you want to minimize the temporary file, you could add a filter to the capture itself: Capture -> Options -> Capture filter "host 192.168.1.1" (or whatever is the IP you want to filter. – psychowood Jul 15 '13 at 21:59
  • @joke - How to save to file the displayed output using tcpdump? (in my case the -w save every thing) – kimo Jan 17 '14 at 16:41
  • I found it - #>tcpdump > file – kimo Jan 19 '14 at 21:53
  • 1
    Their website says to use the Save All option in the dialog. This is a lie. Use the Export function. – Mark W Nov 23 '15 at 22:07
  • 1
    It is in "File" ->"Export Specified Packets..." for Linux version. Running wireshark 2.2.6 on Debian Testing here. – Fonzie Jun 05 '17 at 12:01