Wireshark
the world's foremost network protocol analyzer
Wireshark-users: Re: [Wireshark-users] tshark creates files in temp dir
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 6 Nov 2008 15:53:21 -0800
On Nov 6, 2008, at 9:39 AM, Al Aghili wrote:
When we run tshark on windows it sometimes creates these large files in Windows/temp directory that start with “ether”. Is there a way to turn this off?
Currently, no. TShark runs dumpcap to do the traffic capture, and currently, if you run it without the "-w" flag, tells dumpcap to write to a temporary file, and reads from the temporary file.
At some point it should be changed to, in that case, have dumpcap write the packets on a pipe, and read from the pipe.
When you terminate TShark with ^C, then it should get rid of the file. Is the problem that the file exists while the capture is being done (in which case there's currently nothing you can do to stop it), or that the file remains around after you terminate TShark?
- Follow-Ups:
- Re: [Wireshark-users] tshark creates files in temp dir
- From: Al Aghili
- Re: [Wireshark-users] tshark creates files in temp dir
- References:
- [Wireshark-users] tshark creates files in temp dir
- From: Al Aghili
- [Wireshark-users] tshark creates files in temp dir
- Prev by Date: Re: [Wireshark-users] tshark creates files in temp dir
- Next by Date: Re: [Wireshark-users] tshark creates files in temp dir
- Previous by thread: Re: [Wireshark-users] tshark creates files in temp dir
- Next by thread: Re: [Wireshark-users] tshark creates files in temp dir
- Index(es):