Wireshark provides several ways and formats to export packet data. This section describes general ways to export data from the main Wireshark application. There are more specialized functions to export specific data which are described elsewhere.
If you would like to be able to import any previously exported packets from a plain text file it is recommended that you:
Export packet summary into CSV, used e.g. by spreadsheet programs to im-/export data.
Export packet bytes into C arrays so you can import the stream data into your own C program.
Export packet data into PSML. This is an XML based format including only the packet summary. The PSML file specification is available at: https://web.archive.org/web/20141115200425/http://www.nbee.org/doku.php?id=netpdl:psml_specification.
There’s no such thing as a packet details frame for PSML export, as the packet format is defined by the PSML specification.
Export packet data into PDML. This is an XML based format including the packet details. The PDML file specification is available at: https://web.archive.org/web/20140416072301/http://www.nbee.org/doku.php?id=netpdl:pdml_specification.
The PDML specification is not officially released and Wireshark’s implementation of it is still in an early beta state, so please expect changes in future Wireshark versions.
There’s no such thing as a packet details frame for PDML export, as the packet format is defined by the PDML specification.
Export the bytes selected in the “Packet Bytes” pane into a raw binary file.
This feature scans through the selected protocol’s streams in the currently open capture file or running capture and allows the user to export reassembled objects to the disk. For example, if you select HTTP, you can export HTML documents, images, executables, and any other files transferred over HTTP to the disk. If you have a capture running, this list is automatically updated every few seconds with any new objects seen. The saved objects can then be opened or examined independently of Wireshark.