Re: Req: Information regarding wireshark file logging

[Guy Harris <guy () alum mit edu>]

On May 30, 2010, at 9:15 PM, surabhi pandey wrote:

> I want to know how the wireshark captured file are stored (i.e) in which format is it stored , whether a live capture 
> is stored temporarily in a file or is it stored in some database. If in the file than what is the file format it 
> uses. 

A live capture is stored in a temporary file.  The file is in, as Douglas Ross noted, in libpcap format; that format 
was originated in the libpcap library (or possibly in the tcpdump program, if tcpdump existed before libpcap did; 
perhaps libpcap was made out of the low-level platform-dependent capture portion of tcpdump), and is also used by many 
other programs, including tcpdump.

Newer versions of Wireshark can also save the temporary file in pcap-ng format; see

        http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe