Wireshark mailing list archives
Re: mergecap doesn't merge
From: Sake Blok <sake () euronet nl>
Date: Wed, 24 Mar 2010 14:48:06 +0100
On 24 mrt 2010, at 14:18, Frank Schuster wrote:
I want to merge two files into one file, no append!!! Both files begin at timestamp 0.0000s.
I assume that the relative timestamps in each file begin at 0.00s. Mergecap does the merging based on the absolute timestamp in the tracefiles, which makes more sense. What is the output of the command "capinfos -Tae firstfile.cap secondfile.cap"?
I tried this command: mergecap -w outputfile.pcap firstfile.pcap secondfile.pcap But I get an mergefile, where the firstfile.pcap is the first one and between the files are a pause of 17 seconds. What I do wrong, why it didn't merge?
I assume both files were made on different systems and that the clock on these systems were not synchronized. You should compensate for the difference by using "editcap -t". You can find a presentation on how to do that at: http://www.lovemytool.com/blog/2008/09/sake_blok.html Cheers, Sake ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- mergecap doesn't merge Frank Schuster (Mar 24)
- Re: mergecap doesn't merge Sake Blok (Mar 24)
- Re: mergecap doesn't merge Frank Schuster (Mar 24)
- Re: mergecap doesn't merge Martin Visser (Mar 24)
- Re: mergecap doesn't merge Frank Schuster (Mar 24)
- Re: mergecap doesn't merge Sake Blok (Mar 24)