Save only Display Filter packets in Wireshark
How do I save ONLY the packets from the DISPLAY FILTER in Wireshark on the fly?
I am using Wireshark to capture traffic from my wireless adapter.
Capture Filter is "port 1863"
Display Filter is "msnms contains plain"
Saving using multiple files.
Next file every 100 MB.
Ring buffer with 2 files.
I would like to get Wireshark to save only the packets after the Display Filter in a separate file automatically so that I don't lose them when the ring buffer maxes out and rolls over.
I would like the program to run continuously saving only packets from the Display Filter on the fly and discarding the rest.
Is there a program that will save the displayed packets to a separate file just before the ring buffer file fills up and clears?
Any way to make the output of the display filter of one Wireshark program be the input for a second Wireshark program running at the same time?
Is there a better capture filter that will give me only the packets I want?