Wireshark · Wireshark-users: Re: [Wireshark-users] Req: Information regarding wireshark file logging

Wireshark-users: Re: [Wireshark-users] Req: Information regarding wireshark file logging

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Mon, 31 May 2010 01:12:51 -0700

On May 30, 2010, at 9:15 PM, surabhi pandey wrote:

> I want to know how the wireshark captured file are stored (i.e) in which format is it stored , whether a live capture is stored temporarily in a file or is it stored in some database. If in the file than what is the file format it uses. 

A live capture is stored in a temporary file.  The file is in, as Douglas Ross noted, in libpcap format; that format was originated in the libpcap library (or possibly in the tcpdump program, if tcpdump existed before libpcap did; perhaps libpcap was made out of the low-level platform-dependent capture portion of tcpdump), and is also used by many other programs, including tcpdump.

Newer versions of Wireshark can also save the temporary file in pcap-ng format; see

	http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html

Follow-Ups:
- Re: [Wireshark-users] Req: Information regarding wireshark file logging
  - From: Douglas Ross

References:
- [Wireshark-users] Req: Information regarding wireshark file logging
  - From: surabhi pandey

Prev by Date: Re: [Wireshark-users] start stop tshark
Next by Date: Re: [Wireshark-users] TCP connection is still in ESTABLISH state actually it is disconnected
Previous by thread: Re: [Wireshark-users] Req: Information regarding wireshark file logging
Next by thread: Re: [Wireshark-users] Req: Information regarding wireshark file logging
Index(es):
- Date
- Thread