
Wireshark-bugs: [Wireshark-bugs] [Bug 4598] Caching of logon info

Date: Wed, 24 Mar 2010 06:56:40 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4598

Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |jeff.morriss.ws@xxxxxxxxx
         Resolution|                            |INVALID

--- Comment #1 from Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> 2010-03-24 06:56:31 PDT ---
This sounds more like a question than a bug report--it would be better asked on
one of the mailing lists, probably wireshark-users.  (You'd get a much wider
audience there than via the bug tracker.)

Anyway, a brief answer: Wireshark on Windows relies on WinPCAP to do the
capturing.  I'm pretty sure WinPCAP won't start capturing until you ask it to
do so.  And I'm pretty sure that the OS's TCP/IP stack isn't going to cache
stuff to give to WinPCAP after the fact.

(BTW, the etherXXX file is just the temporary PCAP file that contains the
packets that were captured--and what Wireshark displays for you.  The fact that
your password, etc., are in there just indicates that your password, etc., were
sent over the wire unencrypted.)

Maybe someone on -users would have a better explanation of why you're seeing
this.
