Saving Captured Packets in Wireshark Last Updated : 23 Jul, 2025 Comments Improve Suggest changes Like Article Like Report Prerequisite: Wireshark Packet Capturing and Analyzing In Wireshark, after capturing some traffic of a network we can save the capture file on our local device so that it can be analyzed thoroughly in the future. We can save captured packets by using the File → Save or File → Save As… menu items. This will bring up the "Save Capture File As” dialogue box. While saving, we can select some specific packets and also choose different file formats according to our use. But most of the file formats don’t record the number of dropped packets. If we are exiting without saving the current capture file then we will be prompted with a message to save the file first to prevent data loss. This warning can be disabled in the preferences. Wireshark uses the pcapng file format as the default format to save captured packets. Save Capture File As Dialogue Box:The “Save Capture File As” dialogue box allows us to save the current capture to a file in our local system. The appearance of this dialogue box varies from system to system, but the functionality is the same across all systems. Windows: Linux: While saving, we can decide on many formats of the capture file by clicking on the "Save as" drop-down box. Below are the following file formats in which a capture file can be saved by Wireshark : pcap: The libpcap packet capture library uses pcap as the default file format. The tcpdump, _Snort, Nmap, and Ntop also use pcap as the default file format.pcapng: Wireshark 1.8 or later uses the pcapng file format as the default format to save captured packets. Microsoft Network Monitor: NetMon (*.cap)Network Associates Sniffer: DOS (*.cap,*.enc,*.trc,*.fdc,*.syc), Windows (*.cap)Cinco Networks NetXray captures (*.capNovell LANalyzer (*.tr1)Oracle (previously Sun) snoop (*.snoop,*.cap)Visual Networks Visual UpTime traffic (*.*)Symbian OS btsnoop captures (*.log)Some file formats may not be available depending on the packet types captured. The “Compress with gzip” option will compress the capture file as it is being written to disk. We can also convert a capture file format to another format by opening it and saving it in a different format. Comment More infoAdvertise with us Next Article Printing Packets in Wireshark K kaalel Follow Improve Article Tags : Ethical Hacking Wireshark - Working With Captured Packets Similar Reads Viewing Packets You Have Captured in Wireshark Prerequisite: Wireshark – Packet Capturing and Analyzing After capturing some packets or after opening a previously saved captured file, we have to analyze and view the captured packets in detail. To view the packets that are displayed in the packet list pane, simply click on a packet that you want 2 min read Printing Packets in Wireshark Prerequisite: Wireshark – Packet Capturing and Analyzing Using Wireshark to print data packets sent between two devices connected over a network is quite easy. All one needs to do is install Wireshark on both machines and enable packet logging on each device's settings menu. Once packet logging is e 3 min read Merging Captured Files in Wireshark One of the features of Wireshark is that we can capture packets from multiple interfaces. We can start analyzing multiple interfaces by pressing the left CTRL key and then clicking on the multiple interfaces displayed on the main window of the Wireshark. While capturing packets from multiple interfa 2 min read Packet Format Frame in Wireshark Pre-requisites: Introduction to Wireshark After capturing some packets or after opening a previously saved captured file and analyzing them, sometimes we need to print the details of the captured packets. To print the packets, click on the "File" menu and then select the “Print†menu item. This will 2 min read Capture Menu Functions in Wireshark Wireshark is a software tool used to monitor the network traffic through a network interface card. It is the most widely used network monitoring tool today. Wireshark is loved equally by system administrators, network engineers, network admins, network security professionals, and black hat hackers. 2 min read Capture Options Dialog Box in Wireshark Wireshark is an open source computer software that supports network troubleshooting and surveillance. It allows users to monitor and analyze network traffic. This software runs on a personal computer or on a mobile device, allowing users to capture and view packets captured on a network. Analyzing t 5 min read Like