WEBVTT

00:00.090 --> 00:08.070
In this lecture, we are going to learn how to save or export specific packets.

00:08.070 --> 00:16.830
When you save packets into a file, by default Wireshark saves all the captured packets.

00:16.840 --> 00:17.430
Right.

00:17.430 --> 00:22.140
But we can also save specific packets as well.

00:22.170 --> 00:22.560
Right?

00:22.560 --> 00:29.820
We can save only filtered packets or the packets that you select manually.

00:29.820 --> 00:30.150
Right.

00:30.150 --> 00:38.970
Wireshark allows us to save specific packets from both unsaved and already saved files.

00:39.270 --> 00:41.310
It is actually pretty simple.

00:41.310 --> 00:42.060
So.

00:43.290 --> 00:45.540
Let me grab some packets first.

00:45.570 --> 00:50.910
Now, as you can see, Wireshark has captured plenty of packets.

00:50.910 --> 00:51.430
Right.

00:51.450 --> 00:56.310
Now, I don't want to save all the captured packets.

00:56.310 --> 00:56.630
Right.

00:56.640 --> 01:02.490
Instead, I only want to save, let's say, the DNS packets.

01:02.490 --> 01:06.180
So apply the filter in your display filter bar.

01:06.210 --> 01:08.220
dns, hit Enter.

01:08.250 --> 01:13.950
Now I want to save only the DNS or filtered packets.

01:13.950 --> 01:20.480
So to do that, go to the file, click on export specific packets.

01:20.490 --> 01:29.310
Now down here, as you can see, by default, the all packets button is selected, right? Inside this captured

01:29.310 --> 01:38.310
file, there are a total of 813 packets, and displayed packets means the filtered packets.

01:38.310 --> 01:42.870
There are a total of 82 filtered, or DNS, packets.

01:42.870 --> 01:43.230
Right.

01:43.230 --> 01:45.630
So let it be all packets.

01:45.630 --> 01:49.770
Now give your file a name, DNS.

01:49.800 --> 01:51.600
Now click on Save.

01:51.840 --> 01:54.720
Now let me open the DNS file.

01:57.100 --> 02:05.070
As you can see, guys, inside the DNS file, we only have the DNS packets, right?

02:05.080 --> 02:12.680
So guys, in this way you can basically apply a filter, then save the filtered packets.

02:13.640 --> 02:15.890
Now let me open another file.

02:16.520 --> 02:16.780
Okay.

02:16.790 --> 02:20.570
Now, as you can see, this is an already saved file.

02:20.630 --> 02:29.350
Right. Now, I'm going to carve out or save specific packets from this existing file.

02:29.360 --> 02:29.780
Right.

02:29.780 --> 02:32.690
In this file, I have plenty of traffic.

02:32.690 --> 02:32.930
Right.

02:32.930 --> 02:39.230
So I am only going to save ICMP packets from this file.

02:39.230 --> 02:41.390
So let me apply the filter.

02:41.420 --> 02:43.760
Now, again, repeat the process.

02:43.790 --> 02:46.880
Go to the file, click on export.

02:47.060 --> 02:50.900
Now, let's say, ICMP. Click on Save.

02:50.930 --> 02:55.100
Now let me open the saved file, which is ICMP.

02:55.130 --> 03:00.090
As you can see inside this file, I only have the ICMP packets.

03:00.110 --> 03:04.280
Now, let's select the packets manually.

03:05.180 --> 03:10.010
Now select the packets that you want to save.

03:10.310 --> 03:16.100
Press and hold the control button, then select the packets.

03:16.130 --> 03:19.130
I'm going to select this three-way handshake,

03:19.130 --> 03:26.960
the first three packets, and another packet will be the fourth packet, which is an ICMP packet.

03:26.990 --> 03:31.850
Now go to the file, click on export specific packets.

03:31.880 --> 03:38.690
Now here, as you can see, we have the option "selected packets only". Click on the button.

03:38.720 --> 03:42.950
It also tells you how many packets you have selected.

03:42.980 --> 03:46.400
As you can see, I have selected four packets.

03:46.400 --> 03:49.960
So give your file a name, selected.

03:49.970 --> 03:51.720
Click on Save.

03:51.740 --> 03:54.260
Now let me open the selected file.

03:55.310 --> 03:57.610
As you can see, guys, inside this file,

03:57.620 --> 04:03.470
I only have the packets that I selected and exported.

04:03.470 --> 04:04.100
Right.

04:04.190 --> 04:08.920
Again, go to the file, click on export specific packets.

04:08.930 --> 04:11.780
Now select the range option.

04:11.780 --> 04:14.780
Here you can specify a range, right.

04:14.780 --> 04:18.140
So I'm going to specify from 1 to 3.

04:18.140 --> 04:24.170
So Wireshark is going to save packets from 1 to 3, right?

04:24.170 --> 04:27.290
It will save the three-way handshake.

04:27.650 --> 04:31.640
Now give a name to your file, range.

04:31.640 --> 04:33.050
Click on Save.

04:33.380 --> 04:39.110
Now, we should have the first three packets. Go to the file range.

04:39.440 --> 04:43.070
As you can see, guys, we have the first three packets.
