Wireshark-users: Re: [Wireshark-users] Wireshark file format

From: j.snelders@xxxxxxxxxx
Date: Thu, 5 Mar 2009 20:06:50 +0100

Hi Ram Singh,

When you select Follow TCP Stream the Follow TCP Stream dialog box pops up
with all the data from this tcp stream.
You can view and save the data in the following formats:
ASCII, EBCDIC, Hex Dump, C Arrays and Raw.

Wireshark also applies a display filter to select all the packets in this
tcp stream.
You can save those packets to a separate .pcap file:
File -> Save As
Packet Range: select -> Displayed

You will find more information in the User's Guide:
http://www.wireshark.org/docs/wsug_html_chunked/ChAdvFollowTCPSection.html
http://www.wireshark.org/docs/wsug_html_chunked/ChIOOpenSection.html
http://www.wireshark.org/docs/wsug_html_chunked/ChIOSaveSection.html#ChIOSaveAs

Hope this helps
Joan


On Thu, 5 Mar 2009 16:15:49 +0530 ram singh wrote:
>
>Hi all,
>         i have been using Wireshark for network analysis.But i can't view
>the saved files(saved using Follow TCP Stream) in Wireshark window.The error
>message reads as below:
>"flow5.pcap" isn't a capture file in a format Wireshark understands.
>Can anybody help me to save the files in proper format and also to view
that
>file.
>___________________________________________________________________________
>Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>Archives:    http://www.wireshark.org/lists/wireshark-users
>Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe