ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online

Wireshark-users: Re: [Wireshark-users] from the past

From: M K <gedropi@xxxxxxxxx>
Date: Wed, 24 Mar 2010 09:12:35 -0800
But I expected that the etherXXXXA tmp file would capture
current/realtime traffic, not from the past.

This isn't a criticism of WS.  I know that WS is a literal program.

On 3/24/10, Jeff Morriss <> wrote:
> M K wrote:
>> That is exactly what I am doing.  I log onto my Windows machine, then
>> my ISP, then my proxy.  Then maybe go to a few websites, for example.
>> Then maybe after a half hour, I may then start up a WS capture.
>> Still, even after all that time between logons and actually starting a
>> capture, the etherXXXXa tmp file still contains this private info.
>> According to Jeff, the etherXXXXa file only captures what is not
>> encrypted.  That makes this even more scary.  That means that not only
>> is the info being captured but it isn't even being protected by even
>> low-grade encryption.
> Actually, the etherXXXX file captures everything, even if it is
> encrypted.  But you'll only find, for example, your password in plain
> text in that file (and in Wireshark's display) if the password is not
> encrypted.  (If it were encrypted, your password would not be recognizable.)
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:
> Unsubscribe:
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

All that is necessary for evil to succeed is that good men do nothing.

              ~Edmund Burke