This Wireshark capability is used to separate specific packets from a capture file in order to dig deeper and resolve an incident. It helps analysts share only the suspicious packets, removing non-pertinent information.
Wireshark > File > {pcap1.pcap}
Wireshark > Packet List > Highlight Selected Packets > Edit > Mark/Unmark Packet(s)
Wireshark > File > Export Specified Packets
Filename: {arbitrary}
Export As: Wireshark/...pcapng
Packet Range: Marked Packets Only
- Other options include: All, Selected, First to Last Marked...
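
The same "Marked Packets Only" export, scripted for cases where the GUI is not available. This is an added example, not part of the original note or of Wireshark itself. It assumes the input is a classic pcap file and writes classic pcap rather than pcapng; `export_marked`, `build_sample_pcap` and the sample payloads are hypothetical names and constructed data.

```python
import io
import struct

# Classic pcap magic numbers (microsecond and nanosecond variants), keyed by raw bytes.
_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
    b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">",
}

def export_marked(src, dst, marked):
    """Copy only the packets whose 1-based numbers are in `marked` from src to dst.

    src and dst are binary file objects; returns the number of packets written.
    """
    header = src.read(24)
    if len(header) != 24 or header[:4] not in _MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    endian = _MAGICS[header[:4]]
    dst.write(header)  # keeps link type, snaplen and timestamp precision unchanged
    written = 0
    number = 0  # packet number as shown in the Wireshark packet list
    while True:
        rec = src.read(16)
        if not rec:
            break
        if len(rec) != 16:
            raise ValueError("truncated record header")
        _sec, _frac, incl_len, _orig_len = struct.unpack(endian + "IIII", rec)
        data = src.read(incl_len)
        if len(data) != incl_len:
            raise ValueError("truncated packet data")
        number += 1
        if number in marked:
            dst.write(rec + data)  # record header copied as-is, so timestamps survive
            written += 1
    return written

def build_sample_pcap(payloads):
    """Constructed sample input: little-endian pcap, Ethernet link type."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, p in enumerate(payloads):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(p), len(p)) + p
    return out

if __name__ == "__main__":
    sample = build_sample_pcap([b"pkt-one", b"pkt-two", b"pkt-three", b"pkt-four"])
    result = io.BytesIO()
    print(export_marked(io.BytesIO(sample), result, {2, 4}), "packets exported")
```

With real files, open the source and destination in binary mode (`"rb"` and `"wb"`) and pass the packet numbers noted from the packet list.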