wireshark-users March 2010 archive
wireshark-users: Re: [Wireshark-users] from the past

From: M K <gedropi_at_nospam>
Date: Wed Mar 24 2010 - 21:15:07 GMT
To: Community support list for Wireshark <wireshark-users@wireshark.org>

I was able to stop the capture within WS, then I went to the Temp folder
and within my hex editor was able to Save as. Of course, pcap was not
offered as an extension but I typed it in anyway. Sure enough, it
took. Then I went back to WS and opened that etherXXXXa####.pcap
file. Basically, with its new extension, it looks identical to the
original WS capture. I will now try to obtain a capture with the
password captured to see if I get any closer to determining who is
pulling this info.

Thanks

On 3/24/10, Guy Harris <guy@alum.mit.edu> wrote:
>
> On Mar 24, 2010, at 1:29 PM, M K wrote:
>
>> The WS capture file does have time stamps. The etherXXXXa file lives
>> at: \Documents and Settings\Administrator\Local Settings\Temp within
>> Windows. This tmp file does not appear to have obvious timestamps.
>
> The etherXXXXa is almost certainly a Wireshark capture file; that file name
> ("ether" dates back to when it was called Ethereal rather than Wireshark) is
> the type of file name Wireshark uses when capturing - when it's capturing,
> it writes the packets to a temporary file, in pcap format.
>
> Try opening it in Wireshark.
>
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>
> mailto:wireshark-users-request@wireshark.org?subject=unsubscribe
>

--
All that is necessary for evil to succeed is that good men do nothing. ~Edmund Burke
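The reply above says the etherXXXXa temporary file is written in pcap format. That can be confirmed from the file's bytes rather than its extension, and the per-packet timestamps sit in the record headers, where a hex editor does not show them as readable text. The following is an added example, not code from the thread or from Wireshark; the function names and the two-packet sample are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

# Classic pcap magic as seen when the first 4 bytes are read big-endian:
# value -> (byte order of the file, timestamp fraction units per second)
MAGICS = {
    0xA1B2C3D4: (">", 1_000_000),
    0xD4C3B2A1: ("<", 1_000_000),
    0xA1B23C4D: (">", 1_000_000_000),
    0x4D3CB2A1: ("<", 1_000_000_000),
}

def read_pcap_timestamps(data: bytes):
    """Return (link_type, [UTC datetime per packet]); ValueError if not pcap."""
    if len(data) < 24:
        raise ValueError("too short for a pcap file header")
    magic = struct.unpack(">I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError("no pcap magic number")
    order, units = MAGICS[magic]
    # Header fields: version major/minor, thiszone, sigfigs, snaplen, link type
    *_, link_type = struct.unpack(order + "HHiIII", data[4:24])
    stamps, off = [], 24
    while off + 16 <= len(data):
        sec, frac, incl_len, _orig = struct.unpack(order + "IIII", data[off:off + 16])
        off += 16
        if off + incl_len > len(data):
            break  # last record cut short, e.g. file copied while still being written
        micros = frac * 1_000_000 // units
        stamps.append(datetime.fromtimestamp(sec, tz=timezone.utc) + timedelta(microseconds=micros))
        off += incl_len
    return link_type, stamps

def build_sample() -> bytes:
    """Constructed little-endian capture with two packets (not data from the thread)."""
    t0 = int(datetime(2010, 3, 24, 21, 0, 0, tzinfo=timezone.utc).timestamp())
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec1 = struct.pack("<IIII", t0, 250000, 4, 4) + b"\x00" * 4
    rec2 = struct.pack("<IIII", t0 + 5, 0, 2, 2) + b"\x00" * 2
    return header + rec1 + rec2

if __name__ == "__main__":
    link, stamps = read_pcap_timestamps(build_sample())
    print("link type", link)
    for s in stamps:
        print(s.isoformat())
```

To check a real temporary file, pass the result of `open(path, "rb").read()` to `read_pcap_timestamps`; a `ValueError` means the file does not start with a classic pcap header.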