Wireshark · Wireshark-dev: Re: [Wireshark-dev] Multiple input files

Wireshark-dev: Re: [Wireshark-dev] Multiple input files

From: Dario Lombardo <dario.lombardo.ml@xxxxxxxxx>

Date: Tue, 10 Sep 2013 09:29:01 +0200

On Fri, Sep 6, 2013 at 9:50 PM, Christopher Maynard <Christopher.Maynard@xxxxxxxxx> wrote:

Two problems:
1) How do you guarantee the files will be processed in correct time order
for appending?

I can't. If the user needs it, they can run reordercap.

2) mergecap today doesn't support reading from stdin.

I think Jasper's solution is the way to go for now (less the -a option due
to #1 above).

Even my earlier proposed script isn't as useful as it could be. What might
make it more useful (potentially) is if in addition to supporting reading
from stdin, mergecap also supported reading from and writing to the same
file, as that would completely avoid the tmp file(s) altogether, i.e.:

This would be a very useful option. But I don't think it's a feasible way, since the file handlers (in and out) are different.

References:
- [Wireshark-dev] Multiple input files
  - From: Dario Lombardo
- Re: [Wireshark-dev] Multiple input files
  - From: Evan Huus
- Re: [Wireshark-dev] Multiple input files
  - From: Christopher Maynard
- Re: [Wireshark-dev] Multiple input files
  - From: Dario Lombardo
- Re: [Wireshark-dev] Multiple input files
  - From: Christopher Maynard

Prev by Date: Re: [Wireshark-dev] qtshark startup time ~1 minute just printing messages
Next by Date: Re: [Wireshark-dev] qtshark startup time ~1 minute just printing messages
Previous by thread: Re: [Wireshark-dev] Multiple input files
Next by thread: Re: [Wireshark-dev] Multiple input files
Index(es):
- Date
- Thread