This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Standard way people should “attach” capture files to questions in this Q&A site?

How does this forum suggest people at least refer to sample capture files they might have. From what it seems the forum software doesn't allow uploading such attachments. What are some good alternatives? While many of us have our own web servers to make this relatively easy, this doesn't work for the average Joe.

attachment

asked 02 Dec '10, 23:26

martyvis
891●1●5●25
accept rate: 7%

edited 11 Jul '17, 13:08

Guy Harris ♦♦
17.4k●3●35●196

In the past, I've used box.net when I needed to share files. It doesn't cost any money unless the files are large (10MB??) and the folks retrieving the file don't have to sign up.

(03 Dec '10, 11:11) hansangb

2 Answers:

I just thought about Google Docs, and that seems to work well. (Sharing a SNMP capture here - snmp.pcap )

Either way, just as with the mailing list, submitters need to make sure sensitive information about their network isn't made public.

answered 03 Dec '10, 15:39

martyvis
891●1●5●25
accept rate: 7%

"Either way, just as with the mailing list, submitters need to make sure sensitive information about their network isn't made public."

Very hard to do, yes?

I do want somebody to help reading traces, sensitive information, by this time will not show up in a trace.

(03 Aug '11, 17:41) LaoziSailor

If you have sensitive traces, and you need help interpreting them, then either you'll have to run the trace through something that will anonymize sensitive information (network addresses can be anonymized; other information may be difficult or impossible to anonymize) or you'll have to somehow find somebody you can trust to look at the capture.

(03 Aug '11, 18:00) Guy Harris ♦♦

As a possible alternative, you can rename the capture file as a .jpg, and then upload the file as if it were an image, as I've done below. (Remember to change the default image name from alt text to the name of the file so others will know its name when they download it.)

ethershark.pcapng

This should work for small capture files up to 10MB, and the "image" above is an example to test if this actually does work. EDIT: It does work, but you need to right-click and choose Copy instead of Save As and then paste it locally (using IE), or right-click and choose View Image, File -> Save Page As (using Firefox).

If you'd prefer an actual image to be displayed, it's also possible to combine an actual image (perhaps a screenshot of your capture file) with a compressed capture file into a merged file that still appears to be the original image file. There are several youtube videos that illustrate how to do this, such as:

The basic steps are:

Compress your capture file
Open command prompt
Merge image file with capture file:
a. Windows: COPY /B image.jpg + file_pcap.zip image_file_pcap.jpg
b. *nix: cat image.jpg file_pcap.zip > image_file_pcap.jpg
Upload merged image file

I've also attached an image created in this manner, which appears below as a screenshot. To extract the capture file from it (instructions provided using 7-zip):

Download it by right-clicking on the image and choosing "Save Image As"
Open it with the 7-Zip File Manager
Click on Extract
Choose folder and click OK
Open the extracted capture file in Wireshark

The advantage of using this method is that you don't need to create an account elsewhere and all capture files are archived locally. The disadvantage is that the file size is limited and there's a bit of extra work involved with uploading/downloading the capture file(s).

answered 11 Jul '17, 12:41

cmaynard ♦♦
9.4k●10●38●142
accept rate: 20%

edited 04 Jan '19, 10:53