Wireshark mailing list archives
Re: Req: Information regarding wireshark file logging
From: Douglas Ross <doug_ross_59 () yahoo co uk>
Date: Mon, 31 May 2010 06:54:13 -0700 (PDT)
I'd like to discuss a point about "temporary" files. In my experience (Windows), ethereal/wireshark creates files in the location specified by the user (if not stdout). So they are "permanent". However, they may be overwritten if the "ring buffer" specifications allow.

Or have I missed something we should all be aware of?

Doug

________________________________
From: Guy Harris <guy () alum mit edu>
To: Community support list for Wireshark <wireshark-users () wireshark org>
Sent: Mon, 31 May, 2010 6:12:51 PM
Subject: Re: [Wireshark-users] Req: Information regarding wireshark file logging

On May 30, 2010, at 9:15 PM, surabhi pandey wrote:
I want to know how the wireshark captured files are stored, i.e. in which format they are stored, and whether a live capture is stored temporarily in a file or is stored in some database. If in a file, then what is the file format it uses?
A live capture is stored in a temporary file. The file is, as Douglas Ross noted, in libpcap format; that format originated in the libpcap library (or possibly in the tcpdump program, if tcpdump existed before libpcap did; perhaps libpcap was made out of the low-level platform-dependent capture portion of tcpdump), and is also used by many other programs, including tcpdump. Newer versions of Wireshark can also save the temporary file in pcap-ng format; see http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html

___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request () wireshark org?subject=unsubscribe
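As an added example (not part of the original thread and not Wireshark's own code), this Python sketch tells the two formats named in the reply apart by the magic numbers at the start of the file, which helps when triaging leftover temporary capture files. The function name and the sample headers are constructed for illustration.

```python
import struct

# Constructed sample headers, not taken from a real capture.
# pcap global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
# pcapng Section Header Block: type, length, byte-order magic, major, minor,
# section length (-1 = unspecified), trailing copy of the block length
SAMPLE_PCAPNG = struct.pack("<IIIHHq", 0x0A0D0D0A, 28, 0x1A2B3C4D, 1, 0, -1)
SAMPLE_PCAPNG += struct.pack("<I", 28)

PCAP_MAGICS = {0xA1B2C3D4: "microsecond", 0xA1B23C4D: "nanosecond"}
ORDERS = (("<", "little"), (">", "big"))


def identify_capture(data: bytes) -> dict:
    """Classify the leading bytes of a capture file as pcap or pcapng."""
    if len(data) < 24:  # both formats start with at least 24 header bytes
        return {"format": "unknown"}
    # pcapng: the block type 0x0A0D0D0A reads the same in either byte order,
    # so the byte-order magic at offset 8 decides the endianness.
    if data[:4] == b"\x0a\x0d\x0d\x0a":
        for order, name in ORDERS:
            if struct.unpack(order + "I", data[8:12])[0] == 0x1A2B3C4D:
                major, minor = struct.unpack(order + "HH", data[12:16])
                return {"format": "pcapng", "byte_order": name,
                        "version": f"{major}.{minor}"}
        return {"format": "unknown"}
    # libpcap: the magic doubles as byte-order and timestamp-resolution marker.
    for order, name in ORDERS:
        magic = struct.unpack(order + "I", data[:4])[0]
        if magic in PCAP_MAGICS:
            _, major, minor, _, _, snaplen, linktype = struct.unpack(
                order + "IHHiIII", data[:24])
            return {"format": "pcap", "byte_order": name,
                    "timestamps": PCAP_MAGICS[magic],
                    "version": f"{major}.{minor}",
                    "snaplen": snaplen,
                    "linktype": linktype}  # 1 is LINKTYPE_ETHERNET
    return {"format": "unknown"}


if __name__ == "__main__":
    for label, blob in (("pcap", SAMPLE_PCAP), ("pcapng", SAMPLE_PCAPNG)):
        print(label, identify_capture(blob))
```

Only the header is inspected, so reading the first 24 bytes of a candidate file is enough input.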