Wireshark-users: [Wireshark-users] Export/Save "Interesting" Network Traffic to a Separate File
From: Merton Campbell Crockett <[email protected]>
Date: Sat, 26 Sep 2009 19:37:51 -0700
I have a group of employees that are physically located at a "sister" company's facility. There is a dedicated, private circuit between the facility and one of our facilities that provides our employees access to company resources on our wide area network.
All our employees are required to take mandatory training courses each  
year to maintain job-required certifications.  Most of the training
courses are generic and are provided through a third-party training  
web site; however, there is a set of courses that are deemed to be  
company sensitive.  The content for these courses is maintained on a
server at one of our facilities.
There have been complaints to senior management from this group of  
employees that they are unable to take the courses where the training  
material is on one of our company's servers.
For four hours on Friday, I captured network traffic between this  
group of users and the server hosting the company-sensitive course
material.  The tcpdump traffic indicates that the access problem is  
limited to some systems.  Of the seven systems being used to access  
the company-sensitive course material, only one of the systems was
being refused access to the course material.
I would like to extract this traffic from the file and export or save  
it to another file and forward this file to a team that is being  
formed to investigate the problem.
I have written a Wireshark display filter that isolates the
interesting traffic but can't find a function that would export that  
specific stream of traffic to another file.
How do I do this?

Merton Campbell Crockett
[email protected]