Saving and Exporting Capture Files

As you perform packet analysis, you will find that a good portion of the analysis you do will happen after your capture. Usually, you will perform several captures at various times, save them, and analyze them all at once. Therefore, Wireshark allows you to save your capture files to be analyzed later.

Saving Capture Files

To save a packet capture, select File from the drop-down menu and then click Save As, or press SHIFT-CTRL-hyphen. You should see the Save File As dialog (Figure 4-3). Here you will be prompted for a location to save your packet capture and for the file format you wish to use. If you do not specify a file format, Wireshark will use the default .pcap file format.

Figure 4-3. The Save File As dialog ...

Get Practical Packet Analysis now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.