Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: Re: [Wireshark-users] Reading multiple files in tcpdump

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>
Date: Tue, 3 Mar 2009 20:13:55 -0700

On Tue, Mar 03, 2009 at 07:01:48PM -0800, Rayne wrote:

> I have multiple trace files all beginning with the prefix "trace1_" 
> and I would like to read all these files, apply a filter on them and 
> write the filtered packets into another pcap file.
> 
> I've tried both reading from trace1* and listing all the filenames 
> after the -r option, but I keep getting syntax error.
> 
> Can I read multiple files in tcpdump and if so, how?

I don't know about tcpdump, but with Wireshark you can use the included 
CLI command mergecap to put the files together and then read it in.


Steve
  • References:
    • [Wireshark-users] Reading multiple files in tcpdump
      • From: Rayne
  • Prev by Date: [Wireshark-users] Reading multiple files in tcpdump
  • Next by Date: Re: [Wireshark-users] Reading multiple files in tcpdump
  • Previous by thread: [Wireshark-users] Reading multiple files in tcpdump
  • Next by thread: Re: [Wireshark-users] Reading multiple files in tcpdump
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation