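When I open the File menu in Wireshark, the "Save" and "Save As" entries are both grayed out, and clicking them does nothing.
I want to save a subset of the packets in a .cap file (exported from Microsoft Message Analyzer v1.4, originally captured by netsh).
I have tried:
- Running Wireshark as administrator (on Windows 7 Pro).
- Making sure I have ownership of the .cap file and the folder it is in.
The documentation for the "Save As" feature does not mention any circumstances in which the option is grayed out and unavailable.
Does anyone know what is going on?
Capture file properties: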
Created by Wireshark 2.6.5 (v2.6.5-0-gf766965a)
File
Name: C:\Users\user\Downloads\NetTrace - Copy.cap
Length: 11 MB
Format: Microsoft NetMon 2.x
Encapsulation: Ethernet

Time
First packet: 2018-11-30 09:06:17
Last packet: 2018-11-30 09:19:04
Elapsed: 00:12:46

Capture
Hardware: Unknown
OS: Unknown
Application: Unknown

Interfaces

| Interface | Dropped packets | Capture filter | Link type | Packet size limit |
|---|---|---|---|---|
| Wireless Network Connection | Unknown | none | Ethernet | 262144 bytes |

Statistics

| Measurement | Captured | Displayed | Marked |
|---|---|---|---|
| Packets | 56200 | 191 (0.3%) | — |
| Time span, s | 766.877 | 360.633 | — |
| Average pps | 73.3 | 0.5 | — |
| Average packet size, B | 178 | 346 | — |
| Bytes | 10015936 | 66086 (0.7%) | 0 |
| Average bytes/s | 13 k | 183 | — |
| Average bits/s | 104 k | 1466 | — |

Wireshark Help > About:
Version 2.6.5 (v2.6.5-0-gf766965a)
Compiled (64-bit) with Qt 5.9.7, with WinPcap (4_1_3), with GLib 2.42.0, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.14.0, with Lua 5.2.4, with GnuTLS 3.4.11, with Gcrypt 1.7.6, with MIT Kerberos, with MaxMind DB resolver, with nghttp2 1.14.0, with LZ4, with Snappy, with libxml2 2.9.4, with QtMultimedia, with AirPcap, with SBC, with SpanDSP, with bcg729.
Running on 64-bit Windows 7 Service Pack 1, build 7601, with Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz (with SSE4.2), with 8065 MB of physical memory, with locale English_United States.1252, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.4.11, with Gcrypt 1.7.6, without AirPcap, binary plugins supported (14 loaded). Built using Microsoft Visual Studio 2017 (VC++ 14.12, build 25835).
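Answer 1
You cannot do this from within Wireshark itself.
Use the program editcap, which is a console program installed along with Wireshark.
For example, to get all packets numbered 1 through 500 (inclusive), use: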
editcap -r capture.pcap first500.pcap 1-500
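
What selecting a packet-number range amounts to at the file level, as an added example that is not part of the original answer and is not editcap's own code. It handles only the classic libpcap layout (not pcapng or NetMon), and the function names and the sample capture are constructed for illustration.

```python
import struct

# Classic libpcap magic numbers as they appear when the first 4 bytes are read little-endian.
_MAGICS = {
    0xA1B2C3D4: "<",  # little-endian file, microsecond timestamps
    0xA1B23C4D: "<",  # little-endian file, nanosecond timestamps
    0xD4C3B2A1: ">",  # big-endian file, microsecond timestamps
    0x4D3CB2A1: ">",  # big-endian file, nanosecond timestamps
}

def iter_records(data):
    """Yield (packet_number, raw_record) for each packet; numbering starts at 1."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    endian = _MAGICS.get(struct.unpack("<I", data[:4])[0])
    if endian is None:
        raise ValueError("not classic pcap; this example does not read other formats")
    offset, number = 24, 0
    while offset < len(data):
        header = data[offset:offset + 16]
        if len(header) < 16:
            raise ValueError("truncated record header")
        incl_len = struct.unpack(endian + "IIII", header)[2]  # bytes stored for this packet
        end = offset + 16 + incl_len
        if end > len(data):
            raise ValueError("truncated packet data")
        number += 1
        yield number, data[offset:end]
        offset = end

def keep_packet_range(data, first, last):
    """Return a pcap holding only packets first..last (inclusive), header unchanged."""
    out = bytearray(data[:24])
    for number, record in iter_records(data):
        if first <= number <= last:
            out += record
    return bytes(out)

def build_sample(count):
    """Constructed capture: Ethernet link type, dummy payloads 'pkt1', 'pkt2', ..."""
    pcap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 1)
    for n in range(1, count + 1):
        payload = b"pkt%d" % n
        pcap += struct.pack("<IIII", 1543568777 + n, 0, len(payload), len(payload)) + payload
    return pcap

if __name__ == "__main__":
    subset = keep_packet_range(build_sample(5), 2, 4)
    print([record[16:] for _, record in iter_records(subset)])
```

The kept packets are renumbered from 1 in the output file, so frame numbers in the subset no longer match those in the original capture.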