This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

tshark - how to change the temp directory

0

Hello

I have tshark running on a windows 2012 server, and it is writing its temp files to this directory. C:\Users\%Username%\AppData\Local\Temp I need to move it to a new disk and directory d:\Temp I have changed the TEMP,TMP,TMPDIR environment variables to the new path D:\Temp and when I go to wireshark -> abut -> folders I can see the D:\Temp however the tshark keeps writing its temp files to the drive C: location. how can i make tshark write to the new directory. thank you

asked 18 Aug '14, 02:17

avi_m1968's gravatar image

avi_m1968
1112
accept rate: 0%

edited 18 Aug '14, 02:35


One Answer:

1

TShark/dumpcap uses the TEMP directory from the user environment variables - have you changed that one, or the system one? You could also always force tshark/dumpcap to write files to a specific location by using the "-w" parameter.

You might also be interested in this blog post: http://blog.packet-foo.com/2014/07/wireshark-file-storage/

answered 18 Aug '14, 02:22

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Hello I have changed the USER ENV not the system. I can't use the -w since I'm reading the STDOUT of tshark if I use it I don't see STDOUT. any idea's what I'm doing wrong? thank you

(18 Aug '14, 02:40) avi_m1968

Have you verified that the command session you're running tshark in actually has the TEMP setting you assume? I usually check this by running the "SET" command. Maybe you're running the command line as a different user, e.g. from a task scheduler account?

(18 Aug '14, 02:42) Jasper ♦♦

I'm running the script from the task scheduler, but it is running as the user that i changed in his profile the environment variables. I have added commands to the script that would check and write to the file the environment variables that the script see's and i'll update you.

(18 Aug '14, 04:19) avi_m1968
1

you are right, even that the user ENV vars were changed when running the script it used the global ENV setting I added the the 3 SET commands TEMP,TMP,TMPDIR to the script before running tshark and it solved the problem. thank you :-)

(18 Aug '14, 04:54) avi_m1968