Wireshark provides several ways and formats to export packet data. This section
describes general ways to export data from the main Wireshark application. There
are more specialized functions to export specific data which are described
5.7.1. The “Export as Plain Text File” dialog box
Export packet data into a plain ASCII text file, much like the format used to print packets.
If you would like to be able to import any previously exported packets from a
plain text file it is recommended that you:
Add the “Absolute date and time” column.
Temporarily hide all other columns.
Disable the Section 11.5, “Preferences”
→ → → “Show not dissected data
on new Packet Bytes pane” preference. More details are provided in
Include the packet summary line.
Exclude column headings.
Exclude packet details.
Include the packet bytes.
Figure 5.9. The “Export as Plain Text File” dialog box
5.7.2. The “Export as PostScript File” dialog box
Figure 5.10. The “Export as PostScript File” dialog box
5.7.3. The “Export as CSV (Comma Separated Values) File” dialog box
Export packet summary into CSV, used e.g. by spreadsheet programs to im-/export data.
5.7.4. The “Export as C Arrays (packet bytes) file” dialog box
Export packet bytes into C arrays so you can import the stream data into your own C program.
5.7.5. The “Export as PSML File” dialog box
Export packet data into PSML. This is an XML based format including only the
packet summary. The PSML file specification is available at:
Figure 5.11. The “Export as PSML File” dialog box
There’s no such thing as a packet details frame for PSML export, as the packet
format is defined by the PSML specification.
5.7.6. The “Export as PDML File” dialog box
Export packet data into PDML. This is an XML based format including the packet
details. The PDML file specification is available at:
The PDML specification is not officially released and Wireshark’s implementation
of it is still in an early beta state, so please expect changes in future
Figure 5.12. The “Export as PDML File” dialog box
There’s no such thing as a packet details frame for PDML export, as the packet
format is defined by the PDML specification.
5.7.7. The “Export selected packet bytes” dialog box
Export the bytes selected in the “Packet Bytes” pane into a raw binary file.
Figure 5.13. The “Export Selected Packet Bytes” dialog box
Name: the filename to export the packet data to.
The Save in folder: field lets you select the folder to save to (from some predefined folders).
Browse for other folders provides a flexible way to choose a folder.
5.7.8. The “Export Objects” dialog box
This feature scans through the selected protocol’s streams in the currently
open capture file or running capture and allows the user to export reassembled
objects to the disk. For example, if you select HTTP, you can export HTML
documents, images, executables, and any other files transferred over HTTP
to the disk. If you have a capture running, this list is automatically
updated every few seconds with any new objects seen. The saved objects can then
be opened or examined independently of Wireshark.
Figure 5.14. The “Export Objects” dialog box
Packet: The packet number in which this object was found. In some
cases, there can be multiple objects in the same packet.
Hostname: The hostname of the server that sent this object.
Content Type: The content type of this object.
Size: The size of this object in bytes.
Filename: The filename for this object. Each protocol generates
the filename differently. For example, HTTP uses the
final part of the URI and IMF uses the subject of the email.
Text Filter: Only displays objects containing the specified text string.
Help: Opens the “Export Objects” section in the user’s guide.
Save All: Saves all objects (including those not displayed) using the filename from the
filename column. You will be asked what directory / folder to save them in.
Close: Closes the “Export Objects” dialog.
Save: Saves the currently selected object as a filename you specify. The
default filename to save as is taken from the filename column of the objects