Wireshark-users: Re: [Wireshark-users] from the past

From: M K <gedropi@xxxxxxxxx>
Date: Wed, 24 Mar 2010 09:07:44 -0800

No.  There is no POP on this machine.  This is not related to email.
But as far as protocols go...
Logging onto Windows should be just local.  Right?
Logging onto ISP should be PPP PAP protocol; then TCP/UDP.  Right?
Then proxy logon; then using SSL.

Another issue is that sometimes these are being captured; sometimes
not.  I am not sure what causes that info to be retained.  By its very
nature, since tmp files are temporary, that file disappears.

My question still is what program is causing this retention.  Is this
unencrypted data being transferred?

On 3/24/10, Graham Bloice <graham.bloice@xxxxxxxxxxxxx> wrote:
> On 24/03/2010 16:25, M K wrote:
>> That is exactly what I am doing.  I log onto my Windows machine, then
>> my ISP, then my proxy.  Then maybe go to a few websites, for example.
>> Then maybe after a half hour, I may then start up a WS capture.
>> Still, even after all that time between logons and actually starting a
>> capture, the etherXXXXa tmp file still contains this private info.
>> According to Jeff, the etherXXXXa file only captures what is not
>> encrypted.  That makes this even more scary.  That means that not only
>> is the info being captured but it isn't even being protected by even
>> low-grade encryption.
> What protocol is carrying this info, might it be POP3?
> --
> Regards,
> Graham Bloice

All that is necessary for evil to succeed is that good men do nothing.

              ~Edmund Burke