From: Guy Harris <guy@xxxxxxxxxxxx>
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Sent: Tue, 1 June, 2010 6:17:06 AM
Subject: Re: [Wireshark-users] Req: Information regarding wireshark file logging
On May 31, 2010, at 6:54 AM, Douglas Ross wrote:
> I'd like to discuss a point about "temporary" files.
> In my experience (Windows), ethereal/wireshark creates files in the location specified by the user (if not stdout).
> So they are "permanent".
As Jaap noted, the user doesn't have to specify a location - and, if they don't, it doesn't get written to the standard output. (In fact, Ethereal/Wireshark never allowed the capture to be written to the standard output,
and never will allow that; the capture has to exist in some form of storage as long as it's open.)
If the user doesn't specify a location, the packets are written to a file in a temporary file directory; if the user closes the capture, the file is removed. It is a named file in the file system, so it's "permanent" in that sense, but it's removed when the capture is closed, so it's not "permanent" in that sense.
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx