Wireshark mailing list archives
Re: from the past
From: M K <gedropi () gmail com>
Date: Wed, 24 Mar 2010 13:15:07 -0800
I was able to stop the capture within WS, then I went to the Temp folder and within my hex editor was able to Save as. Of course, pcap was not offered as an extension but I typed it in anyway. Sure enough, it took. Then I went back to WS and opened that etherXXXXa####.pcap file. Basically, with its new extension, it looks identical to the original WS capture. I will now try to obtain a capture with the password captured to see if I get any closer to determining who is pulling this info. Thanks On 3/24/10, Guy Harris <guy () alum mit edu> wrote:
On Mar 24, 2010, at 1:29 PM, M K wrote:The WS capture file does have time stamps. The etherXXXXa file lives at: \Documents and Settings\Administrator\Local Settings\Temp within Windows. This tmp file does not appear to have obvious timestamps.The etherXXXXa is almost certainly a Wireshark capture file; that file name ("ether" dates back to when it was called Ethereal rather than Wireshark) is the type of file name Wireshark uses when capturing - when it's capturing, it writes the packets to a temporary file, in pcap format. Try opening it in Wireshark. ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
-- All that is necessary for evil to succeed is that good men do nothing. ~Edmund Burke ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Re: from the past, (continued)
- Re: from the past Gianluca Varenni (Mar 24)
- Re: from the past M K (Mar 24)
- Re: from the past Gianluca Varenni (Mar 24)
- Re: from the past M K (Mar 24)
- Re: from the past Martin Visser (Mar 24)
- Re: from the past Abhik Sarkar (Mar 24)
- Re: from the past bart sikkes (Mar 25)
- Re: from the past M K (Mar 25)
- Re: from the past Guy Harris (Mar 24)
- Re: from the past Guy Harris (Mar 24)
- Re: from the past M K (Mar 24)