Saving the filtered traffic

During or after completing an analysis, you will want to save a set of filtered packets into a new capture file. Saving a filtered subset of the bulk capture data and opening the new, smaller file in Wireshark is helpful to reduce the distracting background noise packets displayed when clearing display filters, working with Conversations windows, and so on during your analysis. Finally, upon completing your analysis, you will want a filtered capture file that represents the analysis evidence and conclusion and can be quickly loaded for review at a later time.

Use the Export Specified Packets option in the File menu to save a new capture file consisting of just your filtered packets. Navigate to the desired directory; enter a filename (Wireshark will provide the appropriate filename extension); make the appropriate selections to save all the Displayed packets, Marked packets, and/or to Remove Ignored packets; and then click on Save. Remember to save the complete capture using the Save As option in the File menu as well, because you may need this file again.

The following screenshot illustrates a typical Export Specified Packets window and its selections: