Wireshark mailing list archives

Re: merge pcap from two interfaces


From: Abhik Sarkar <sarkar.abhik () gmail com>
Date: Sat, 12 May 2018 14:37:59 +0400

Hi Luke,

You could use mergecap (https://www.wireshark.org/docs/wsug_html_chunked/AppToolsmergecap.html).
Alternately, run tcpdump with "-i any" to have the capture for all
interfaces in the same file (unless you have good reason to keep them
separate, of course).

Regards,
Abhik


On 12 May 2018 at 14:14, luke devon via Wireshark-users <
wireshark-users () wireshark org> wrote:

Hi

I have a server which has multiple Ethernet interfaces carrying
network traffic to the system. Every 15 sec, it rolls out to the next tcpdump.
Likewise, it will generate 4 pcap files in a minute.

eth0 will generate 4 pcap files.
eth1 will generate 4 pcap files.

I wanna merge the respective eth0 and eth1 files by matching the
timestamp.

Can it be done? Please help.

Thank you
Luke


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
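
One way to do the per-timestamp pairing asked about in this thread with the mergecap tool suggested in the reply, as an added example that is not part of either message. It assumes the rotated files are named `eth0_<timestamp>.pcap` and `eth1_<timestamp>.pcap` with identical timestamps for the same window; the function name `merge_pairs` and the `MERGECAP` override variable are hypothetical.

```shell
#!/bin/sh
# Added example: pair eth0/eth1 rotation files by the timestamp embedded in
# their names and merge each pair chronologically with mergecap.
# Assumed naming (not from the thread): eth0_20180512141400.pcap and
# eth1_20180512141400.pcap cover the same 15-second window.

# merge_pairs SRC_DIR OUT_DIR
# Prints one line per eth0 file: "merged <ts>", "unpaired <ts>" (no eth1
# file with the same timestamp) or "failed <ts>" (mergecap returned an error).
# Returns non-zero if any merge failed.
merge_pairs() {
    src=$1
    out=$2
    rc=0
    mkdir -p "$out" || return 1
    for f0 in "$src"/eth0_*.pcap; do
        [ -e "$f0" ] || continue        # glob matched nothing
        ts=${f0##*/eth0_}               # strip directory and interface prefix
        ts=${ts%.pcap}                  # strip extension, leaving the timestamp
        f1=$src/eth1_$ts.pcap
        if [ ! -e "$f1" ]; then
            echo "unpaired $ts"
            continue
        fi
        # mergecap orders packets from both inputs by capture timestamp.
        # MERGECAP is a hypothetical override for testing without Wireshark.
        if "${MERGECAP:-mergecap}" -w "$out/merged_$ts.pcap" "$f0" "$f1"; then
            echo "merged $ts"
        else
            echo "failed $ts"
            rc=1
        fi
    done
    return $rc
}
```

Treat any "unpaired" line as a gap in one interface's capture for that window, which matters if the merged files are later used as evidence of what crossed the host.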
