Chris Swinney wrote:
Hi,
I have taken a capture on two different machines from an in-line
network tap (one to capture upstream, one to capture downstream data).
I now need to merge these file, but when I ask Wireshark to merge them
chronologically, it seems to merge them based on the initial time
taken into the capture, not the actual capture time.
I have tried to mitigate time differences by synching both machines to
an NTP server, but of course both captures are themselves started a
different times. How can I best accomplish what I want? I�ve had a
look at mergecap (as well as the inbuilt merge facility as shown
above), but am not sure if this will still do what I�m after.
As a side note, is it possible to �shut up� the capturing machines
from trying to send network traffic on the capturing interfaces
(Windows XP/Vista), so in effect they just listen?
Unchecking network protocols associated with the interface suppresses
most of the traffic likely to interfere with a capture .
Regards
Chris Swinney
*/Tel - (01792) 411662/*
*/Email - swin@xxxxxxxxxxxxx <outbind://28/swin@xxxxxxxxxxxxx>/*
56 Dan-y-graig Rd
Port Tennant,
Swansea
SA1 8LZ
------------------------------------------------------------------------
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users
