Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Wireshark-users: Re: [Wireshark-users] Using Wireshark to store decoded capture files

Date Index Thread Index Other Months All Mailing Lists

Date Prev Date Next Thread Prev Thread Next

From: Brüggemann, Frank <f.brueggemann@xxxxxxxxx>
Date: Wed, 2 Apr 2008 11:16:15 +0200

Hi Jehanzeb,

thanks for your fast feedback.

Yes, we tried the export function, but we need a solution without manual intervention. Wireshark should run permanent 24 hours producing log files. It would be perfect if the files had only the data we need. For smtp this would be per email one line with:

timestamp, sender-email, receiver-email, subject, mail-length (bytes)

Is this possible with wireshark/tshark?

Regards

Frank

Von: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] Im Auftrag von Jehanzeb Khan
Gesendet: Mittwoch, 26. März 2008 11:28
An: Community support list for Wireshark
Betreff: Re: [Wireshark-users] Using Wireshark to store decoded capture files

Hi Frank

Have you tried exporting (under file menu) the capture file with packet details expanded?

Regards

Jehanzeb

----- Original Message ----
From: "Brüggemann, Frank" <f.brueggemann@xxxxxxxxx>
To: wireshark-users@xxxxxxxxxxxxx
Sent: Wednesday, March 26, 2008 3:18:36 PM
Subject: [Wireshark-users] Using Wireshark to store decoded capture files

Hello,

is there any way to store permanent decoded packets and not the raw data in capture files?

We would like to export http and smtp headers in a database for accounting and need a “human readable” format.

Thanks

Frank

Prev by Date: Re: [Wireshark-users] GUI problem with Mac OS X
Next by Date: [Wireshark-users] Unknown AVP problem
Previous by thread: Re: [Wireshark-users] GUI problem with Mac OS X
Next by thread: [Wireshark-users] Unknown AVP problem
Index(es):
- Date
- Thread