Wireshark-users: Re: [Wireshark-users] from the past
From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Wed, 24 Mar 2010 13:05:36 -0400
M K wrote:
That is exactly what I am doing.  I log onto my Windows machine, then
my ISP, then my proxy.  Then maybe go to a few websites, for example.
Then maybe after a half hour, I may then start up a WS capture.
Still, even after all that time between logons and actually starting a
capture, the etherXXXXa tmp file still contains this private info.

According to Jeff, the etherXXXXa file only captures what is not
encrypted.  That makes this even more scary.  That means that not only
is the info being captured but it isn't even being protected by even
low-grade encryption.

Actually, the etherXXXX file captures everything, even if it is encrypted. But you'll only find, for example, your password in plain text in that file (and in Wireshark's display) if the password is not encrypted. (If it were encrypted, your password would not be recognizable.)