EXPORTING PACKETS

This Wireshark capability separates specific packets from a capture file in order to dig deeper when resolving an incident. It lets analysts share only the suspicious packets, removing non-pertinent information.

Wireshark > File > {pcap1.pcap}
Wireshark > Packet List > Highlight Selected Packets > Edit > Mark/Unmark Packet(s)
Wireshark > File > Export Specified Packets
 Filename: {arbitrary}
 Export As: Wireshark/...pcapng
 Packet Range: Marked Packets Only
  - Other options include: All, Selected, First to Last Marked...
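
A scripted version of the "Marked Packets Only" export, as an added example that is not part of the original notes: it copies chosen frame numbers from a capture into a new file so only those packets are shared. It assumes the classic pcap format (not pcapng); the function names and the four-packet sample capture are constructed for illustration.

```python
import struct

# On-disk magic bytes of classic pcap (microsecond and nanosecond variants),
# mapped to the struct byte-order prefix needed to read the record headers.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",
}

def iter_records(data):
    """Yield (frame_number, raw_record) for each complete packet record."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    order = MAGICS[data[:4]]
    offset, frame = 24, 0                      # skip the 24-byte global header
    while offset + 16 <= len(data):
        incl_len = struct.unpack_from(order + "I", data, offset + 8)[0]
        end = offset + 16 + incl_len           # 16-byte record header + payload
        if end > len(data):
            break                              # truncated final record: stop
        frame += 1
        yield frame, data[offset:end]
        offset = end

def export_marked(data, marked):
    """Return a new pcap holding only the 1-based frame numbers in `marked`."""
    marked = set(marked)
    out = bytearray(data[:24])                 # global header copied unchanged
    seen = set()
    for frame, record in iter_records(data):
        if frame in marked:
            out += record                      # timestamps and lengths preserved
            seen.add(frame)
    if marked - seen:
        raise ValueError(f"frame numbers not in capture: {sorted(marked - seen)}")
    return bytes(out)

def build_sample():
    """Constructed 4-packet little-endian capture; payloads are dummy bytes."""
    data = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i in range(1, 5):
        payload = bytes([i]) * (10 + i)
        data += struct.pack("<IIII", 1700000000 + i, 0, len(payload), len(payload)) + payload
    return data

if __name__ == "__main__":
    subset = export_marked(build_sample(), {2, 4})
    print(f"{len(list(iter_records(subset)))} packets exported, {len(subset)} bytes")
```

As in Wireshark, the exported packets are renumbered from 1 in the new file, so note the original frame numbers separately if the recipient needs them.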
