Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

When the capture file is created, file is created with "600" permission. umask did not help.

Wireshark's done that since 1999; the commit to do that was

commit c31abd81fa1fa78b0ac19d0b1de3d492a016768c
Author: Gilbert Ramirez <[email protected]>
Date:   Sat Jul 31 23:06:13 1999 +0000

    chmod() the temporary capture file to 0600 so that only the user can
    read the trace. We chmod() after pcap creates the file, but before it actually
    writes data there. Thanks to Frederic Peters <[email protected]>,
    the Debian maintainer of Ethereal, for pointing this out.

Is there an option to set to make it say 644 or some other file permission.

There is, but it's command-line only (-g); there's no such option for Wireshark.

  1. Capture file is created without any file extension, is there a setting to include the file extension(.pcapng).

No - if you give an explicit file name (which you have to do with a ring buffer), you have to give the extension explicitly, e.g. if you specify "hello.pcapng" in the Output pane of the Capture Options dialog, the files have names like hello_00001_20200226191351.pcapng.