[prev in list] [next in list] [prev in thread] [next in thread]
List: wireshark-users
Subject: Re: [Wireshark-users] Export/Save "Interesting" Network Traffic to
From: Merton Campbell Crockett <m.c.crockett () roadrunner ! com>
Date: 2009-09-27 3:54:40
Message-ID: 76B169AB-1C53-473C-B152-02D4DB6AF9FC () roadrunner ! com
[Download RAW message or body]
Doh! I looked at that last night (or should I say this morning) and
misinterpreted it. Thanks.
On 26 Sep 2009, at 19:59:25, George Peaslee wrote:
> Try save as and displayed while your filter is in place.
>
>
> ----- Original Message -----
> From: "Merton Campbell Crockett" <m.c.crockett@roadrunner.com>
> To: "Community support list for Wireshark" <wireshark-users@wireshark.org
> >
> Sent: Saturday, September 26, 2009 9:37 PM
> Subject: [Wireshark-users] Export/Save "Interesting" Network Traffic
> to
> aSeparate File
>
>
>> I have a group of employees that are physically located at a "sister"
>> company's facility. There is a dedicated, private circuit the
>> facility and one of our facilities that provides our employees access
>> to company resources on our wide area network.
>>
>> All our employees are required to take mandatory training courses
>> each
>> year to maintain job required certifications. Most of the training
>> courses are generic and are provided through a third-party training
>> web site; however, there is a set of courses that are deemed to be
>> company sensitive. The content for these courses are maintained on a
>> server at one of our facilities.
>>
>> There have been complaints to senior management from this group of
>> employees that they are unable to take the courses where the training
>> material is on one of our company's servers.
>>
>> For four hours on Friday, I captured network traffic between this
>> group of users and the server hosting the company sensitive course
>> material. The tcpdump traffic indicates that the access problem is
>> limited to some systems. Of the seven systems being used to access
>> the company sensitive course material, only one of the systems was
>> being refused access to the course material.
>>
>> I would like to extract this traffic from the file and export or save
>> it to another file and forward this file to a team that is being
>> formed to investigate the problem.
>>
>> I have written a wireshark display filter that isolates the
>> interesting traffic but can't find a function that would export that
>> specific stream of traffic to another file.
>>
>> How do I do this?
>>
>> Merton Campbell Crockett
>> m.c.crockett@roadrunner.com
>>
>>
>>
>> ___________________________________________________________________________
>> Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org
>> >
>> Archives: http://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>
>> mailto:wireshark-users-request@wireshark.org?subject=unsubscribe
>>
>
>
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org
> >
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@wireshark.org?
> subject=unsubscribe
Merton Campbell Crockett
m.c.crockett@roadrunner.com
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@wireshark.org?subject=unsubscribe
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic