Wireshark-users: Re: [Wireshark-users] Using Wireshark to store decoded capture files

From: Brüggemann, Frank <f.brueggemann@xxxxxxxxx>
Date: Wed, 2 Apr 2008 11:16:15 +0200

Hi Jehanzeb,

 

thanks for your fast feedback.

 

Yes, we tried the export function, but we need a solution without manual intervention. Wireshark should run permanent 24 hours producing log files. It would be perfect if the files had only the data we need. For smtp this would be per email one line with:

timestamp, sender-email, receiver-email, subject, mail-length (bytes)

 

Is this possible with wireshark/tshark?

 

Regards

Frank

 

 

 

Von: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] Im Auftrag von Jehanzeb Khan
Gesendet: Mittwoch, 26. März 2008 11:28
An: Community support list for Wireshark
Betreff: Re: [Wireshark-users] Using Wireshark to store decoded capture files

 

Hi Frank

 Have you tried exporting (under file menu) the capture file with packet details expanded?

 

Regards

Jehanzeb

----- Original Message ----
From: "Brüggemann, Frank" <f.brueggemann@xxxxxxxxx>
To: wireshark-users@xxxxxxxxxxxxx
Sent: Wednesday, March 26, 2008 3:18:36 PM
Subject: [Wireshark-users] Using Wireshark to store decoded capture files

Hello,

 

is there any way to store permanent decoded packets and not the raw data in capture files?

We would like to export http and smtp headers in a database for accounting and need a “human readable” format.

 

Thanks

Frank