On Nov 6, 2008, at 9:39 AM, Al Aghili wrote:
When we run tshark on windows it sometimes creates these large files
in Windows/temp directory that start with “ether”. Is there a way to
turn this off?
Currently, no. TShark runs dumpcap to do the traffic capture, and
currently, if you run it without the "-w" flag, tells dumpcap to write
to a temporary file, and reads from the temporary file.
At some point it should be changed to, in that case, have dumpcap
write the packets on a pipe, and read from the pipe.
When you terminate TShark with ^C, then it should get rid of the
file. Is the problem that the file exists while the capture is being
done (in which case there's currently nothing you can do to stop it),
or that the file remains around after you terminate TShark?