Wireshark-users: [Wireshark-users] Export/Save "Interesting" Network Traffic to a Separate File
I have a group of employees that are physically located at a "sister"
company's facility. There is a dedicated, private circuit the
facility and one of our facilities that provides our employees access
to company resources on our wide area network.
All our employees are required to take mandatory training courses each
year to maintain job required certifications. Most of the training
courses are generic and are provided through a third-party training
web site; however, there is a set of courses that are deemed to be
company sensitive. The content for these courses are maintained on a
server at one of our facilities.
There have been complaints to senior management from this group of
employees that they are unable to take the courses where the training
material is on one of our company's servers.
For four hours on Friday, I captured network traffic between this
group of users and the server hosting the company sensitive course
material. The tcpdump traffic indicates that the access problem is
limited to some systems. Of the seven systems being used to access
the company sensitive course material, only one of the systems was
being refused access to the course material.
I would like to extract this traffic from the file and export or save
it to another file and forward this file to a team that is being
formed to investigate the problem.
I have written a wireshark display filter that isolates the
interesting traffic but can't find a function that would export that
specific stream of traffic to another file.
How do I do this?
Merton Campbell Crockett
m.c.crockett@xxxxxxxxxxxxxx