I would like to know if there is a way to save only No., Time, Source, Destination, Length field in Wireshark? I do not need the contents, I want it in plain text as well. Is this possible? Thank you.
If those are your only columns configured in Wireshark, then after loading a capture file you achieve this as follows: File -> Export Packet Dissections -> as "Plain Text" file... ->, then in the Packet Format section, select only the "Packet summary line" (and optionally "Include column headings" if you wish) and deselect everything else. Choose a filename and click "Save".
If you have other columns displayed, you can either hide or remove them first or create a separate profile with only the columns of interest displayed.
You can also accomplish this with tshark, Wireshark's command-line companion. There are several ways to do this, so select a method that best fits your needs. Here are some examples:
Using specified Wireshark columns: (Note: -e _ws.col.No. doesn't work)
tshark -r file.pcap -T fields -e frame.number -e _ws.col.Time -e _ws.col.Source -e _ws.col.Destination -e _ws.col.Length > file.txt
Using named fields: (assumes IPv4 addresses in Source and Destination columns)
tshark -r file.pcap -T fields -e frame.number -e frame.time -e ip.src -e ip.dst -e frame.len > file.txt
Rely on Wireshark's configured columns:
tshark -r file.pcap > file.txt
Rely on Wireshark's configured columns for a particular profile:
tshark -r file.pcap -C profilename > file.txt
Using column option: (First on Windows, then on *nix)
tshark -r file.pcap -o "gui.column.format:\"No.\",\"%m\",\"Time\",\"%t\",\"Source\",\"%s\",\"Destination\",\"%d\",\"Length\",\"%L\"" > file.txt
tshark -r file.pcap -o 'gui.column.format:"No.","%m","Time","%t","Source","%s","Destination","%d","Length","%L"" > file.txt
(Run tshark -G column-formats for more column options.)