Frame 74: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) Ethernet II, Src: IntelCor_29:34:97 (00:1f:3b:29:34:97), Dst: ThomsonT_84:7e:4a (00:26:44:84:7e:4a) Internet Protocol Version 4, Src: 192.168.1.65 (192.168.1.65), Dst: 22.214.171.124 (126.96.36.199) Transmission Control Protocol, Src Port: 2368 (2368), Dst Port: 80 (80), Seq: 2, Ack: 2, Len: 0 Source port: 2368 (2368) Destination port: 80 (80) [Stream index: 6] Sequence number: 2 (relative sequence number) Acknowledgement number: 2 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 231 [Calculated window size: 231] [Window size scaling factor: -1 (unknown)] Checksum: 0x5951 [validation disabled] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 73] [The RTT to ACK the segment was: 0.000092000 seconds]from this:
|Wireshark packet details window|
One may ask -- what's the problem here, can't you just select the window content and use
Ctrl+V? Well, I was disappointed to learn that no, it's not straightforward. Good news it's still possible.
First of all we'll need to mark all the packets that we're interested in. You can either use a context menu item "Mark packet (toggle)" or just hit
Ctrl+Mwhen the focus is set on the packet we're looking into. You'll have to repeat the procedure for all the packets you want to extract. If there's just too much for doing it manually you can play with different options in the Edit menu. You can toggle the Marked status for all displayed packets, so basically you can benefit from applying a display filter first.
|Marking packets in Wireshark|
Now go to
|Exporting a Wireshark capture to a file|
And here's the key step. Set the export file type to Plain text, select the Marked packets option and make sure that you see Packet details checkbox selected on the right. You might want to play with different suboptions here: As displayed, All collapsed or All expanded.
|Exporting Marked packets to a file in Wireshark|
And this is it. Now hit Save and check out the contents of the export file.