Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] joincap: Merge multiple pcap files together, gracefully

From: Assaf <assaf.morami@xxxxxxxxx>
Date: Sun, 4 Nov 2018 15:21:12 +0200
Because it is slower (multple passes), needs more steps and harder to automate ☺

On Sat, Nov 3, 2018, 21:21 phreakocious <phreakocious@xxxxxxxxx wrote:
If starting from the beginning is your problem when you run into one of these situations (which should be handled as suggested above) .. Why not divide things up into smaller groups and then join the final products?  This way, you only have to merge a smaller set if you run into a problem.  In many cases, 'capinfos -A' is enough to show a problem in a pcap.  Another option would be to do something like a 'tcpdump -qnr' to just read through it.  It will exit with an error code if a problem is detected...

On Sat, Nov 3, 2018 at 10:54 AM Assaf <assaf.morami@xxxxxxxxx> wrote:
You are correct. I still prefer it my way.
This helped me tremendously, and the more common "error" for me is getting a damaged pcap files rather than mistyping the command.

On Fri, Nov 2, 2018 at 7:25 PM Guy Harris <guy@xxxxxxxxxxxx> wrote:
On Nov 2, 2018, at 3:28 AM, Assaf <assaf.morami@xxxxxxxxx> wrote:

> Usually if an input file doesn't exists (2) or is a directory (3) the user can't do anything to fix this other then fixing the command line, so joincap just ignores it and saves the user some time.

If the user mistyped the pathname of a file, it only saves them time if the contents of the file whose pathname they typed didn't need to be in the resulting file.  If they *did* expect that file's packets to be in the file, they end up with a file that doesn't contain what they think it did....
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe