path: root/docbook/wsug_src/WSUG_app_files.xml

<!-- WSUG Appendix Files -->
<!-- $Id$ -->

<appendix id="AppFiles">
  <title>Files and Folders</title>

  <section id="ChAppFilesCaptureFilesSection"><title>Capture Files</title>
    <para>
    To understand which information will remain available after
    the captured packets are saved to a capture file,
    it's helpful to know a bit about the capture file contents.
    </para>
    <para>
    Wireshark uses the libpcap file format as the default format to save
    captured packets; this format has existed for a long time and it's pretty simple.
    However, it has some drawbacks: it's not extensible and lacks some
    information that would be really helpful (e.g. being able to add a comment
    to a packet such as "the problems start here" would be really nice).
    </para>
    <para>
    In addition to the libpcap format, Wireshark supports several different
    capture file formats. However, the problems described above also applies
    for these formats.
    </para>
    <para>
    A new capture file format "PCAP Next Generation Dump File Format"
    is currently under development, which will fix these drawbacks.
    However, it still might take a while until the new file format is ready
    and Wireshark can use it.
    </para>
  <section id="ChIOFileContentSection"><title>Libpcap File Contents</title>
    <para>
    At the start of each libpcap capture file some basic information is stored
    like a magic number to identify the libpcap file format.
    The most interesting information of this file start is the link layer type
    (Ethernet, Token Ring, ...).
    </para>
    <para>
    The following data is saved for each packet:
    <itemizedlist>
    <listitem>
      <para>
        the timestamp with millisecond resolution
      </para>
    </listitem>
    <listitem>
      <para>
        the packet length as it was "on the wire"
      </para>
    </listitem>
    <listitem>
      <para>
          the packet length as it's saved in the file
      </para>
    </listitem>
    <listitem>
      <para>
        the packet's raw bytes
      </para>
    </listitem>
      </itemizedlist>
    A detailed description of the libpcap file format can be found at:
    <ulink url="http://wiki.wireshark.org/Development/LibpcapFileFormat"/>
    </para>
  </section>
  <section id="ChIOFileNotContentSection"><title>Not Saved in the Capture File</title>
    <para>
    Probably even more interesting for everyday Wireshark usage is to know
    the things that are <command>not saved</command> in the capture file:
    <itemizedlist>
    <listitem>
      <para>
        current selections (selected packet, ...)
      </para>
    </listitem>
    <listitem>
      <para>
        name resolution information, see <xref
        linkend="ChAdvNameResolutionSection"/> for details
        <warning><title>Warning!</title>
        <para>
        The name resolution information is rebuilt each time Wireshark is
        restarted so this information might even change when the capture file
        is reopened on the same machine later!
        </para>
        </warning>
      </para>
    </listitem>
    <listitem>
      <para>
        the number of packets dropped while capturing
      </para>
    </listitem>
    <listitem>
      <para>
        packet marks set with "Edit/Mark Packet"
      </para>
    </listitem>
    <listitem>
      <para>
        time references set with "Edit/Time Reference"
      </para>
    </listitem>
    <listitem>
      <para>
        the current display filter
      </para>
    </listitem>
    <listitem>
      <para>
        ...
      </para>
    </listitem>
      </itemizedlist>
    </para>
  </section>
  </section>

    <section id="ChAppFilesConfigurationSection"><title>Configuration Files and Folders</title>
    <para>
      Wireshark uses a number of files and folders while it is running. Some
      of these reside in the personal configuration folder and are used to
      maintain information between runs of Wireshark, while some of them are
      maintained in system areas.
    </para>
    <tip><title>Tip</title>
    <para>A list of the folders Wireshark actually uses can be found under the
    <command>Folders</command> tab in the dialog box shown when you select
    <command>About Wireshark</command> from the <command>Help</command> menu.
    </para>
    </tip>
    <para>
    The content format of the configuration files is the same on all platforms.
    However, to match the different policies for Unix and Windows platforms,
    different folders are used for these files.
    </para>
    <table id="AppFilesTabFolders" frame="none">
    <title>Configuration files and folders overview</title>
      <tgroup cols="4">
    <colspec colnum="1" colwidth="72pt"/>
      <colspec colnum="2" colwidth="80pt"/>
      <colspec colnum="3" colwidth="80pt"/>
        <thead>
          <row>
        <entry>File/Folder</entry>
        <entry>Description</entry>
        <entry>Unix/Linux folders</entry>
        <entry>Windows folders</entry>
          </row>
        </thead>
        <tbody>
          <row>
        <entry><command>preferences</command></entry>
        <entry>Settings from the Preferences dialog box.</entry>
        <entry>/etc/wireshark.conf, $HOME/.wireshark/preferences</entry>
        <entry>%WIRESHARK%\wireshark.conf, %APPDATA%\Wireshark\preferences</entry>
          </row>
          <row>
        <entry><command>recent</command></entry>
        <entry>Recent GUI settings (e.g. recent files lists).</entry>
        <entry>$HOME/.wireshark/recent</entry>
        <entry>%APPDATA%\Wireshark\recent</entry>
          </row>
          <row>
        <entry><command>cfilters</command></entry>
        <entry>Capture filters.</entry>
        <entry>$HOME/.wireshark/cfilters</entry>
        <entry>%WIRESHARK%\cfilters, %APPDATA%\Wireshark\cfilters</entry>
          </row>
          <row>
        <entry><command>dfilters</command></entry>
        <entry>Display filters.</entry>
        <entry>$HOME/.wireshark/dfilters</entry>
        <entry>%WIRESHARK%\dfilters, %APPDATA%\Wireshark\dfilters</entry>
          </row>
          <row>
        <entry><command>colorfilters</command></entry>
        <entry>Coloring rules.</entry>
        <entry>$HOME/.wireshark/colorfilters</entry>
        <entry>%WIRESHARK%\colorfilters, %APPDATA%\Wireshark\colorfilters</entry>
          </row>
          <row>
        <entry><command>disabled_protos</command></entry>
        <entry>Disabled protocols.</entry>
        <entry>$HOME/.wireshark/disabled_protos</entry>
        <entry>%WIRESHARK%\disabled_protos, %APPDATA%\Wireshark\disabled_protos</entry>
          </row>
          <row>
        <entry><command>ethers</command></entry>
        <entry>Ethernet name resolution.</entry>
        <entry>/etc/ethers, $HOME/.wireshark/ethers</entry>
        <entry>%WIRESHARK%\ethers, %APPDATA%\Wireshark\ethers</entry>
          </row>
          <row>
        <entry><command>manuf</command></entry>
        <entry>Ethernet name resolution.</entry>
        <entry>/etc/manuf, $HOME/.wireshark/manuf</entry>
        <entry>%WIRESHARK%\manuf, %APPDATA%\Wireshark\manuf</entry>
          </row>
          <row>
        <entry><command>hosts</command></entry>
        <entry>IPv4 and IPv6 name resolution.</entry>
        <entry>/etc/hosts, $HOME/.wireshark/hosts</entry>
        <entry>%WIRESHARK%\hosts, %APPDATA%\Wireshark\hosts</entry>
          </row>
          <row>
        <entry><command>services</command></entry>
        <entry>Network services.</entry>
        <entry>/etc/services, $HOME/.wireshark/services</entry>
        <entry>%WIRESHARK%\services, %APPDATA%\Wireshark\services</entry>
          </row>
          <row>
        <entry><command>subnets</command></entry>
        <entry>IPv4 subnet name resolution.</entry>
        <entry>/etc/subnets, $HOME/.wireshark/subnets</entry>
        <entry>%WIRESHARK%\subnets, %APPDATA%\Wireshark\subnets</entry>
          </row>
          <row>
        <entry><command>ipxnets</command></entry>
        <entry>IPX name resolution.</entry>
        <entry>/etc/ipxnets, $HOME/.wireshark/ipxnets</entry>
        <entry>%WIRESHARK%\ipxnets, %APPDATA%\Wireshark\ipxnets</entry>
          </row>
          <row>
        <entry><command>plugins</command></entry>
        <entry>Plugin directories.</entry>
        <entry>/usr/share/wireshark/plugins,
          /usr/local/share/wireshark/plugins,
          $HOME/.wireshark/plugins
        </entry>
        <entry>%WIRESHARK%\plugins\&lt;version&gt;,
        %APPDATA%\Wireshark\plugins</entry>
          </row>
          <row>
        <entry><command>temp</command></entry>
        <entry>Temporary files.</entry>
        <entry>Environment: TMPDIR</entry>
        <entry>Environment: TMPDIR or TEMP</entry>
          </row>
        </tbody>
      </tgroup>
    </table>
    <note><title>Windows folders</title>
    <para>
    %APPDATA% points to the personal configuration folder, e.g.:
    <filename>C:\Documents and Settings\&lt;username&gt;\Application Data</filename>
    (details can be found at: <xref linkend="ChWindowsProfiles"/>),
    </para>
    <para>
    %WIRESHARK% points to the Wireshark program folder, e.g.:
    <filename>C:\Program Files\Wireshark</filename>
    </para>
    </note>
    <note><title>Unix/Linux folders</title>
    <para>
    The <filename>/etc</filename> folder is the global Wireshark configuration
    folder. The folder actually used on your system
    may vary, maybe something like: <filename>/usr/local/etc</filename>.
    </para>
    <para>
    $HOME is usually something like: <filename>/home/&lt;username&gt;</filename>
    </para>
    </note>
    <para>
      <variablelist>
    <varlistentry>
      <term><command>preferences/wireshark.conf</command></term>
      <listitem>
        <para>
          This file contains your Wireshark preferences,
          including defaults for capturing and displaying packets.
          It is a simple text file containing statements of the form:
          <programlisting>
variable: value
          </programlisting>
          The settings from this file are
          read in at program start and written to disk when you press the
          Save button in the "Preferences" dialog box.
        </para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><command>recent</command></term>
      <listitem>
        <para>
          This file contains various GUI related settings like the main window
          position and size, the recent files list and such.
          It is a simple text file containing statements of the form:
          <programlisting>
variable: value
          </programlisting>
          It is read at program start and written at program exit.
        </para>
      </listitem>
    </varlistentry>
    <varlistentry><term><command>cfilters</command></term>
      <listitem>
        <para>
          This file contains all the capture filters that you have defined
          and saved. It consists of one or more lines, where each
          line has the following format:
          <programlisting>
"&lt;filter name>" &lt;filter string>
          </programlisting>
         The settings from this file are read in at program start and written
        to disk when you press the Save button in the "Capture Filters" dialog
        box.
        </para>
      </listitem>
    </varlistentry>
    <varlistentry><term><command>dfilters</command></term>
      <listitem>
        <para>
          This file contains all the display filters that you have defined
          and saved. It consists of one or more lines, where each
          line has the following format:
          <programlisting>
"&lt;filter name>" &lt;filter string>
          </programlisting>
         The settings from this file are read in at program start and written
        to disk when you press the Save button in the "Display Filters" dialog
        box.
        </para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><command>colorfilters</command></term>
      <listitem>
        <para>
          This file contains all the color filters that you have
          defined and saved. It consists of one or more lines,
          where each line has the following format:
          <programlisting>
@&lt;filter name>@&lt;filter string>@[&lt;bg RGB(16-bit)>][&lt;fg RGB(16-bit)>]
          </programlisting>
        </para>
        <para>
         The settings from this file are read in at program start and written
        to disk when you press the Save button in the "Coloring Rules" dialog
        box.
        </para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><command>disabled_protos</command></term>
      <listitem>
        <para>
          Each line in this file specifies a disabled protocol name. The
          following are some examples:
          <programlisting>
tcp
udp
          </programlisting>
        </para>
        <para>
         The settings from this file are read in at program start and written
        to disk when you press the Save button in the "Enabled Protocols"
        dialog box.
        </para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term>
        <command>ethers</command>
      </term>
      <listitem>
        <para>
          When Wireshark is trying to translate Ethernet hardware
          addresses to names, it consults the files listed in
          <xref linkend="AppFilesTabFolders"/>.
          If an address is not found in /etc/ethers,
          Wireshark looks in $HOME/.wireshark/ethers
        </para>
        <para>
          Each line in these files consists of one hardware address and
          name separated by whitespace. The digits of hardware
          addresses are separated by colons (:), dashes (-) or
          periods(.). The following are some examples:
          <programlisting>
ff-ff-ff-ff-ff-ff    Broadcast
c0-00-ff-ff-ff-ff    TR_broadcast
00.2b.08.93.4b.a1    Freds_machine
          </programlisting>
         The settings from this file are read in at program start and never
        written by Wireshark.
        </para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><command>manuf</command></term>
      <listitem>
        <para>
          Wireshark uses the files listed in <xref linkend="AppFilesTabFolders"/>
          to translate the first three bytes of an Ethernet address into a
          manufacturers name.  This file has the same format as the ethers
          file, except addresses are three bytes long.
        </para>
        <para>
          An example is:
          <programlisting>
00:00:01    Xerox                  # XEROX CORPORATION
          </programlisting>
        </para>
        <para>
         The settings from this file are read in at program start and never
        written by Wireshark.
        </para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><command>hosts</command></term>
      <listitem>
        <para>
          Wireshark uses the files listed in <xref linkend="AppFilesTabFolders"/>
          to translate IPv4 and IPv6 addresses into names.
        </para>
        <para>
          This file has the same format as the usual /etc/hosts file on Unix systems.
        </para>
        <para>
          An example is:
          <programlisting>
# Comments must be prepended by the # sign!
192.168.0.1 homeserver
          </programlisting>
        </para>
        <para>
         The settings from this file are read in at program start and never
        written by Wireshark.
        </para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><command>services</command></term>
      <listitem>
        <para>
          Wireshark uses the files listed in <xref linkend="AppFilesTabFolders"/>
          to translate port numbers into names.
        </para>
        <para>
          An example is:
          <programlisting>
mydns       5045/udp     # My own Domain Name Server
mydns       5045/tcp     # My own Domain Name Server
          </programlisting>
        </para>
        <para>
          The settings from this file are read in at program start and never
          written by Wireshark.
        </para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><command>subnets</command></term>
      <listitem>
        <para>
          Wireshark uses the files listed in <xref linkend="AppFilesTabFolders"/>
          to translate an IPv4 address into a subnet name. If no exact match from the
          hosts file or from DNS is found, Wireshark will attempt a partial match for the subnet
          of the address.
        </para>
        <para>
          Each line of this file consists of an IPv4 address, a subnet mask length separated
          only by a '/' and a name separated by whitespace. While the address must be a full IPv4
          address, any values beyond the mask length are subsequently ignored.
        </para>

        <para>
          An example is:
          <programlisting>
# Comments must be prepended by the # sign!
192.168.0.0/24 ws_test_network
          </programlisting>
        </para>
        <para>
        A partially matched name will be printed as "subnet-name.remaining-address". For example,
        "192.168.0.1" under the subnet above would be printed as "ws_test_network.1"; if the mask length
        above had been 16 rather than 24, the printed address would be "ws_test_network.0.1".
        </para>
        <para>
         The settings from this file are read in at program start and never
        written by Wireshark.
        </para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><command>ipxnets</command></term>
      <listitem>
        <para>
          Wireshark uses the files listed in <xref linkend="AppFilesTabFolders"/>
          to translate IPX network numbers into names.
        </para>
        <para>
          An example is:
          <programlisting>
C0.A8.2C.00      HR
c0-a8-1c-00      CEO
00:00:BE:EF      IT_Server1
110f             FileServer3
          </programlisting>
        </para>
        <para>
         The settings from this file are read in at program start and never
        written by Wireshark.
        </para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><command>plugins</command> folder</term>
      <listitem>
        <para>
          Wireshark searches for plugins in the directories listed in
          <xref linkend="AppFilesTabFolders"/>.
          They are searched in the order listed.
        </para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><command>temp</command> folder</term>
      <listitem>
        <para>
          If you start a new capture and don't specify a filename for it,
          Wireshark uses this directory to store that file; see
          <xref linkend="ChCapCaptureFiles"/>.
        </para>
      </listitem>
    </varlistentry>
      </variablelist>
    </para>

    <section id="ChProtocolHelp"><title>Protocol help configuration</title>
    <para>
      Wireshark can use configuration files to create context-sensitive menu
      items for protocol detail items which will load help URLs in your web
      browser.
    </para>
    <para>
      To create a protocol help file, create a folder named "protocol_help"
      in either the personal or global configuration folders. Then create a
      text file with the extension ".ini" in the "protocol_help" folder. The
      file must contain key-value pairs with the following sections:
      <variablelist>
        <varlistentry>
          <term>[database]</term>
          <listitem>
        <para>
          Mandatory. This contains initialization information for the
          help file. The following keys must be defined:
          <variablelist>
            <varlistentry>
              <term>source</term>
              <listitem><para>Source name, e.g. "HyperGlobalMegaMart".</para></listitem>
            </varlistentry>
            <varlistentry>
              <term>version</term>
              <listitem><para>Must be "1".</para></listitem>
            </varlistentry>
            <varlistentry>
              <term>location</term>
              <listitem>
            <para>
            General URL for help items. Variables can be substituted using
            the [location data] section below.
            </para>
              </listitem>
            </varlistentry>
          </variablelist>
        </para>
          </listitem>
        </varlistentry>

        <varlistentry>
          <term>[location data]</term>
          <listitem>
        <para>
          Optional. Contains keys that will be used for variable
          substitution in the "location" value. For example, if
          the database section contains
          <programlisting>
location = http://www.example.com/proto?cookie=${cookie}&amp;path=${PATH}
          </programlisting>
          then setting
          <programlisting>
cookie = anonymous-user-1138
          </programlisting>
          will result in the URL
          "http://www.example.com/proto?cookie=anonymous-user-1138&amp;path=${PATH}".
          PATH is used for help path substitution, and shouldn't be defined in this section.
        </para>
          </listitem>
        </varlistentry>

        <varlistentry>
          <term>[map]</term>
          <listitem>
        <para>
          Maps Wireshark protocol names to section names below. Each key
          MUST match a valid protocol name such as "ip". Each value MUST
          have a matching section defined in the configuration file.
        </para>
          </listitem>
        </varlistentry>

      </variablelist>

      Each protocol section must contain an "_OVERVIEW" key which will be used
      as the first menu item for the help source. Subsequent keys must match
      descriptions in the protocol detail. Values will be used as the ${PATH}
      variable in the location template. If ${PATH} isn't present in the location
      template the value will be appended to the location.
    </para>

    <para>
      Suppose the file
      <filename>C:\Users\sam.clemens\AppData\Roaming\Wireshark\protocol_help\wikipedia.ini</filename>
      contains the following:

      <programlisting>
# Wikipedia (en) protocol help file.

# Help file initialization
# source: The source of the help information, e.g. "Inacon" or "Wikipedia"
# version: Currently unused. Must be "1".
# url_template: Template for generated URLs. See "URL Data" below.
[database]
source=Wikipedia
version=1
url_template=http://${language}.wikipedia.org/wiki/${PATH}

# Substitution data for the location template.
# Each occurrence of the keys below in the location template will be
# substituted with their corresponding values. For example, "${license}"
# in the URL template above will be replaced with the value of "license"
# below.
#
# PATH is reserved for the help paths below; do not specify it here.
[location data]
language = en

# Maps Wireshark protocol names to section names below. Each key MUST match
# a valid protocol name. Each value MUST have a matching section below.
[map]
tcp=TCP

# Mapped protocol sections.
# Keys must match protocol detail items descriptions.
[TCP]
_OVERVIEW=Transmission_Control_Protocol
Destination port=Transmission_Control_Protocol#TCP_ports
Source port=Transmission_Control_Protocol#TCP_ports
      </programlisting>
      Right-clicking on a TCP protocol detail item will display a help menu
      item that displays the Wikipedia page for TCP. Right-clicking on the
      TCP destination or source ports will display additional help menu items that
      take you to the "TCP ports" section of the page.
    </para>

    <para>
      The [location data] and ${PATH} can be omitted if they are not needed.
      For example, the following configuration is functionally equivalent to
      the previous configuration:
      <programlisting>
[database]
source=Wikipedia
version=1
location=http://en.wikipedia.org/wiki/

[map]
tcp=TCP

[TCP]
_OVERVIEW=Transmission_Control_Protocol
Destination port=Transmission_Control_Protocol#TCP_ports
Source port=Transmission_Control_Protocol#TCP_ports
      </programlisting>
    </para>
    </section>

    </section>

    <section id="ChWindowsFolder"><title>Windows folders</title>
    <para>
    Here you will find some details about the folders used in Wireshark
    on different Windows versions.
    </para>
    <para>
    As already mentioned, you can find the currently used folders in the
    <command>About Wireshark</command> dialog.
    </para>

    <section id="ChWindowsProfiles"><title>Windows profiles</title>
    <para>
    Windows uses some special directories to store user configuration files
        which define the "user profile". This can be confusing, as the default directory location
    changed from Windows version to version and might also be different for English
    and internationalized versions of Windows.
    </para>
    <note><title>Note!</title>
    <para>
    If you've upgraded to a new Windows version, your profile might
    be kept in the former location, so the defaults mentioned here might not
    apply.
    </para>
    </note>
    <para>
    The following guides
    you to the right place where to look for Wireshark's profile data.
    </para>
    <para>
      <variablelist>
    <varlistentry>
      <term><application>Windows 7</application>, <application>Windows Vista</application></term>
      <listitem>
    <para>
    <filename>C:\Users\&lt;username&gt;\AppData\Roaming\Wireshark</filename>
    </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><application>Windows XP</application></term>
      <listitem>
    <para>
    <filename>C:\Documents and Settings\&lt;username&gt;\Application Data</filename>,
    "Documents and Settings" and "Application Data" might be internationalized.
    </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><application>Windows 2000</application> (no longer supported by Wireshark, for historical reference only)</term>
      <listitem>
    <para>
    <filename>C:\Documents and Settings\&lt;username&gt;\Application Data</filename>,
    "Documents and Settings" and "Application Data" might be internationalized.
    </para>
      </listitem>
    </varlistentry>

    <varlistentry>
      <term><application>Windows NT 4</application> (no longer supported, for historical reference only)</term>
      <listitem>
    <para>
    <filename>C:\WINNT\Profiles\&lt;username&gt;\Application Data\Wireshark</filename>
    </para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><application>Windows ME</application>, <application>Windows 98</application> with user profiles (no longer supported, for historical reference only)</term>
      <listitem>
    <para>
    In Windows ME and 98 you can enable separate user profiles. In that case,
    something like
    <filename>C:\windows\Profiles\&lt;username&gt;\Application Data\Wireshark</filename>
    is used.
    </para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><application>Windows ME</application>, <application>Windows 98</application> without user profiles (no longer supported, for historical reference only)</term>
      <listitem>
    <para>
    Without user profiles enabled the default location for all users is
    <filename>C:\windows\Application Data\Wireshark</filename>
    </para>
      </listitem>
    </varlistentry>
      </variablelist>
    </para>
    </section>

    <section id="ChWindowsRoamingProfiles">
    <title>Windows 7, Vista, XP, 2000, and NT roaming profiles</title>
    <para>
    The following will only be applicable if you are using roaming profiles.
    This might be the case, if you work in a Windows domain environment
    (used in company networks). The configurations of all
    programs you use won't be saved on the local hard drive of the computer
    you are currently working on, but on the domain server.
    </para>
    <para>
    As Wireshark is using the correct places to store its profile data,
    your settings will travel with you, if you logon to a different computer
    the next time.
    </para>
    <para>
    There is an exception to this: The "Local Settings" folder in your profile
    data (typically something like:
    <filename>C:\Documents and Settings\&lt;username&gt;\Local Settings</filename>)
    will not be transferred to the domain server. This is the default for
    temporary capture files.
    </para>
    </section>

    <section id="ChWindowsTempFolder">
    <title>Windows temporary folder</title>
    <para>
    Wireshark uses the folder which is set by the TMPDIR or TEMP environment
    variable. This variable will be set by the Windows installer.
    </para>
    <para>
      <variablelist>
    <varlistentry>
      <term><application>Windows 7</application>, <application>Windows Vista</application></term>
      <listitem>
    <para>
    <filename>C:\Users\&lt;username&gt;\AppData\Local\Temp</filename>
    </para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><application>Windows XP</application>, <application>Windows 2000</application></term>
      <listitem>
    <para>
    <filename>C:\Documents and Settings\&lt;username&gt;\Local Settings\Temp</filename>
    </para>
      </listitem>
    </varlistentry>
    <varlistentry>
      <term><application>Windows NT</application></term>
      <listitem>
    <para>
    <filename>C:\TEMP</filename>
    </para>
      </listitem>
    </varlistentry>
      </variablelist>
    </para>
    </section>

    </section>

</appendix>
<!-- End of WSUG Appendix Files -->