Wireshark mailing list archives

Re: Req: Information regarding wireshark file logging


From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Mon, 31 May 2010 17:11:54 +0200



Hi, 

So where does Wireshark store files when you don't specify a
location?

Thanks,
Jaap 

On Mon, 31 May 2010 06:54:13 -0700 (PDT), Douglas Ross wrote:

I'd like to discuss a point about "temporary" files.
In my experience (Windows), ethereal/wireshark creates files in the
location specified by the user (if not stdout). So they are "permanent".
However, they may be overwritten if the "ring buffer" specifications allow.
Or have I missed something we should all be aware of?

Doug


-------------------------
FROM: Guy Harris
TO: Community support list for Wireshark
SENT: Mon, 31 May, 2010 6:12:51 PM
SUBJECT: Re: [Wireshark-users] Req: Information regarding wireshark file logging

On May 30, 2010, at 9:15 PM, surabhi pandey wrote:

I want to know how the Wireshark captured files are stored (i.e.) in which
format they are stored, whether a live capture is stored temporarily in a
file or is stored in some database. If in a file, then what is the file
format it uses?

A live capture is stored in a temporary file. The file is, as Douglas Ross
noted, in libpcap format; that format was originated in the libpcap library
(or possibly in the tcpdump program, if tcpdump existed before libpcap did;
perhaps libpcap was made out of the low-level platform-dependent capture
portion of tcpdump), and is also used by many other programs, including
tcpdump.

Newer versions of Wireshark can also save the temporary file in
pcap-ng format; see

http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html [1]

Links:
------
[1] http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
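
The two formats named in this thread, libpcap and pcap-ng, can be told apart from the first bytes of a capture file, which helps when triaging capture files found in a temporary directory. This is an added example, not code from the thread or from Wireshark; the function name `identify_capture` and the sample headers are constructed for illustration, and the magic numbers are those of the libpcap and pcap-ng file format specifications.

```python
import struct

# Magic numbers from the libpcap and pcap-ng file format specifications.
PCAP_MAGICS = {0xA1B2C3D4: "microsecond", 0xA1B23C4D: "nanosecond"}
PCAPNG_SHB_TYPE = 0x0A0D0D0A          # Section Header Block type (reads the same in either byte order)
PCAPNG_BYTE_ORDER_MAGIC = 0x1A2B3C4D

# Constructed sample headers (not taken from a real capture).
# pcap: magic, version 2.4, thiszone, sigfigs, snaplen, link type 1 (Ethernet)
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
# pcap-ng: block type, block length, byte-order magic, version 1.0,
# section length -1 (unspecified), trailing block length
SAMPLE_PCAPNG = struct.pack("<IIIHHqI", 0x0A0D0D0A, 28, 0x1A2B3C4D, 1, 0, -1, 28)


def identify_capture(data: bytes) -> dict:
    """Classify the first bytes of a capture file as pcap, pcapng or unknown."""
    if len(data) < 12:
        return {"format": "unknown", "reason": "too short"}
    if struct.unpack("<I", data[:4])[0] == PCAPNG_SHB_TYPE:
        # Bytes 8-11 hold the byte-order magic that reveals the writer's endianness.
        for endian, name in (("<", "little"), (">", "big")):
            if struct.unpack(endian + "I", data[8:12])[0] == PCAPNG_BYTE_ORDER_MAGIC:
                return {"format": "pcapng", "byte_order": name}
        return {"format": "unknown", "reason": "bad pcapng byte-order magic"}
    for endian, name in (("<", "little"), (">", "big")):
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in PCAP_MAGICS:
            if len(data) < 24:
                return {"format": "unknown", "reason": "truncated pcap header"}
            major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
                endian + "HHiIII", data[4:24])
            return {"format": "pcap", "byte_order": name,
                    "timestamps": PCAP_MAGICS[magic], "version": (major, minor),
                    "snaplen": snaplen, "linktype": linktype}
    return {"format": "unknown", "reason": "unrecognised magic"}


if __name__ == "__main__":
    for label, blob in (("pcap", SAMPLE_PCAP), ("pcapng", SAMPLE_PCAPNG)):
        print(label, identify_capture(blob))
```

To check a real file, pass its first 24 bytes, for example `identify_capture(open(path, "rb").read(24))`.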
