Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] from the past

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 24 Mar 2010 13:43:37 -0700
On Mar 24, 2010, at 1:29 PM, M K wrote:

> The WS  capture file does have time stamps.  The etherXXXXa file lives
> at:  \Documents and Settings\Administrator\Local Settings\Temp within
> Windows.  This tmp file does not appear to have obvious timestamps.

The etherXXXXa is almost certainly a Wireshark capture file; that file name ("ether" dates back to when it was called Ethereal rather than Wireshark) is the type of file name Wireshark uses when capturing - when it's capturing, it writes the packets to a temporary file, in pcap format.

Try opening it in Wireshark.