Ask Your Question
0

Customize the default path of temporary file when capturing

asked 2021-10-11 08:35:34 +0000

antonio1 gravatar image

updated 2021-10-12 09:30:07 +0000

grahamb gravatar image

Hi,

is it any possibility to configure default path a custom path for saving traces? I have Centos 7.9 with wireshark 1.10.14-25.el7 version. I have a posibility to choose another path from Options but that not what I want. Because Wireshark is using /tmp as default path and /tmp is so small that affect my OS when it's full, I need to configure permanently a new path, lat's say /var/tmp for saving captured files.

Do you have any solution for this? I tried also by using TMPDIR environment variable but not working.

thank you,

edit retag flag offensive close merge delete

Comments

I don't know about 1.10 as that's a prehistoric version, but current versions (on Windows at least) remember the place where files were last saved and default to that every time.

I would see if it's possible to upgrade, likely you'll need to build yourself due to your very old distro.

grahamb gravatar imagegrahamb ( 2021-10-11 09:02:28 +0000 )edit

even in the upgraded version I can't see this option in preferences. By the way, this version is the last version offered by CEntos 7.9 distro. Tell me just any way of setting this customized path for default capture files.

antonio1 gravatar imageantonio1 ( 2021-10-11 14:08:14 +0000 )edit

I misunderstood your question, I thought it was about the location used when you manually save a capture file post-capture, instead you're looking for a way to set the location of the temporary file while capturing.

grahamb gravatar imagegrahamb ( 2021-10-11 17:32:32 +0000 )edit

ok, so that's now clear does exist something hide to fulfill so small thing but so high needed? Lot of applications have configurable the path of working, why this hasn't?

antonio1 gravatar imageantonio1 ( 2021-10-12 07:38:46 +0000 )edit

Wireshark is a volunteer run project and folks mostly work on what they need or are interested in.

If you have something specific you need then your options are, in decreasing likelihood of getting that need fulfilled quickly:

  1. Implement the required change yourself.
  2. Pay someone else to implement the change.
  3. Raise an enhancement request over at the Wireshark Issues list completing all the information and describing the requirement as fully as possible and participating in any subsequent discussions about the enhancement. This might have been covered by issue 16432 so don't raise a new one if so, simply up-vote or comment on the existing one.

The last of those options obviously relies on a volunteer taking up the task.

grahamb gravatar imagegrahamb ( 2021-10-12 07:48:55 +0000 )edit

2 Answers

Sort by ยป oldest newest most voted
1

answered 2021-10-11 14:52:26 +0000

Jaap gravatar image

Set the TMPDIR environment variable to /var/tmp and run Wireshark. It uses Glib's g_get_tmp_dir for this, which looks for that in the environment.

edit flag offensive delete link more

Comments

That is also mentioned in the Wireshark man page under Capture:Options.

cmaynard gravatar imagecmaynard ( 2021-10-11 16:08:33 +0000 )edit

yes, you have right, it is mentioned in Wireshark man page but it does not work. Even with that var created and checked the wireshark still write temp file to /tmp. In Capture:Options I can indicate directly the path and the file name and it works but I want to set this default for any capture. Lot of operators are not paying too much attention and start the trace outside of options which goes directly to /tmp I want to avoid using /tmp totally for wireshark.

antonio1 gravatar imageantonio1 ( 2021-10-11 16:58:11 +0000 )edit

Okay, so it's dumpcap you're having a problem with (be aware: it's not Wireshark, but dumpcap that's writing into /tmp). As stated in the referenced bug, this is a security feature. It will require changes to dumpcap and Wireshark to create a suitable solution.

Jaap gravatar imageJaap ( 2021-10-12 09:10:20 +0000 )edit

I understand now, it's like wireshark is using dumpcap to decide this default path for saving, but Wireshark has already an option to save to another path with another name. Why not having Wireshark to configure the default path for working directory? If wireshark is hard to modify this, is it possible to configure in dumpcap this default path another one than /tmp and wireshark to use it?

antonio1 gravatar imageantonio1 ( 2021-11-02 14:56:36 +0000 )edit
0

answered 2021-10-11 16:05:34 +0000

Chuckc gravatar image

There is an open issue with some discussion about system security:
16432: There should be a way to specify an alternative directory for temporary capture files

edit flag offensive delete link more

Comments

opened for about 1 years but not already solved, this is really a big mess to reserve a field for optional default path for saving temporary files.

antonio1 gravatar imageantonio1 ( 2021-10-11 17:13:53 +0000 )edit

If you can add a comment to the Gitlab issue it will show activity and interest in having it fixed.

Chuckc gravatar imageChuckc ( 2021-10-11 17:21:16 +0000 )edit

it is hard to go there and contribute, but I'm here at wireshark home, why can't we discuss for a solution or for something missed by me?

antonio1 gravatar imageantonio1 ( 2021-10-12 07:40:02 +0000 )edit

There is some overlap between this site and the developers, but more developers look at Gitlab and the email list.
I added link to this question over on the existing Gitlab issue

Chuckc gravatar imageChuckc ( 2021-10-12 15:23:35 +0000 )edit
Chuckc gravatar imageChuckc ( 2022-02-09 14:39:14 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2021-10-11 08:35:34 +0000

Seen: 2,823 times

Last updated: Oct 12 '21