Wireshark-users: Re: [Wireshark-users] Capturing and merging files from different machines
From: "Chris Swinney" <[email protected]>
Date: Wed, 18 Jun 2008 21:59:24 +0100
Cheers, much better, thanks.


-----Original Message-----
From: Kevin Cullimore [mailto:[email protected]] 
Sent: 18 June 2008 15:14
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Capturing and merging files from
different machines

Chris Swinney wrote:
>
> Hi,
>
> I have taken a capture on two different machines from an in-line 
> network tap (one to capture upstream, one to capture downstream data).

> I now need to merge these file, but when I ask Wireshark to merge them

> chronologically, it seems to merge them based on the initial time 
> taken into the capture, not the actual capture time.
>
> I have tried to mitigate time differences by synching both machines to

> an NTP server, but of course both captures are themselves started a 
> different times. How can I best accomplish what I want? I've had a 
> look at mergecap (as well as the inbuilt merge facility as shown 
> above), but am not sure if this will still do what I'm after.
>
> As a side note, is it possible to "shut up" the capturing machines 
> from trying to send network traffic on the capturing interfaces 
> (Windows XP/Vista), so in effect they just listen?
>
Unchecking network protocols associated with the interface suppresses 
most of the traffic likely to interfere with a capture .
>
> Regards
>
> Chris Swinney
>
> */Tel - (01792) 411662/*
>
> */Email - [email protected] <outbind://28/[email protected]>/*
>
> 56 Dan-y-graig Rd
>
> Port Tennant,
>
> Swansea
>
> SA1 8LZ
>
>
------------------------------------------------------------------------
>
> _______________________________________________
> Wireshark-users mailing list
> [email protected]
> https://wireshark.org/mailman/listinfo/wireshark-users
>