Wireshark mailing list archives

Re: joincap: Merge multiple pcap files together, gracefully


From: Assaf <assaf.morami () gmail com>
Date: Sun, 4 Nov 2018 15:21:12 +0200

Because it is slower (multiple passes), needs more steps and is harder to
automate ☺

On Sat, Nov 3, 2018, 21:21 phreakocious <phreakocious () gmail com> wrote:

If starting from the beginning is your problem when you run into one of
these situations (which should be handled as suggested above) .. Why not
divide things up into smaller groups and then join the final products?
This way, you only have to merge a smaller set if you run into a problem.
In many cases, 'capinfos -A' is enough to show a problem in a pcap.
Another option would be to do something like a 'tcpdump -qnr' to just read
through it.  It will exit with an error code if a problem is detected...

On Sat, Nov 3, 2018 at 10:54 AM Assaf <assaf.morami () gmail com> wrote:

You are correct. I still prefer it my way.
This helped me tremendously, and the more common "error" for me is
getting damaged pcap files rather than mistyping the command.

On Fri, Nov 2, 2018 at 7:25 PM Guy Harris <guy () alum mit edu> wrote:

On Nov 2, 2018, at 3:28 AM, Assaf <assaf.morami () gmail com> wrote:

Usually if an input file doesn't exist (2) or is a directory (3) the
user can't do anything to fix this other than fixing the command line, so
joincap just ignores it and saves the user some time.

If the user mistyped the pathname of a file, it only saves them time if
the contents of the file whose pathname they typed didn't need to be in the
resulting file.  If they *did* expect that file's packets to be in the
file, they end up with a file that doesn't contain what they think it
did....

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
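The thread weighs silently skipping bad inputs against reporting them before a merge. As an added example (not code from joincap, Wireshark or any poster in this thread), the sketch below classifies each input as missing, a directory, not a pcap, or truncated, so the caller decides what to skip. It assumes the classic pcap format only (not pcapng); `check_pcap`, `sample_pcap` and `demo` are hypothetical names, and the capture bytes are constructed.

```python
import os, struct, tempfile

# Classic pcap magic numbers (micro- and nanosecond variants) -> struct byte order.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def check_pcap(path):
    """Return (status, complete_packets) for one merge input."""
    if not os.path.exists(path):
        return ("missing", 0)
    if os.path.isdir(path):
        return ("directory", 0)
    with open(path, "rb") as f:
        header = f.read(24)                      # global file header
        order = MAGICS.get(header[:4])
        if len(header) < 24 or order is None:
            return ("not-pcap", 0)
        count = 0
        while True:
            rec = f.read(16)                     # per-packet record header
            if not rec:
                return ("ok", count)             # clean end of file
            if len(rec) < 16:
                return ("truncated", count)      # cut inside a record header
            incl_len = struct.unpack(order + "IIII", rec)[2]
            if len(f.read(incl_len)) < incl_len:
                return ("truncated", count)      # cut inside packet data
            count += 1

def sample_pcap(packets):
    """Constructed little-endian pcap: Ethernet link type, zero-filled 60-byte frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i in range(packets):
        out += struct.pack("<IIII", 1541337672 + i, 0, 60, 60) + bytes(60)
    return out

def demo():
    """Check constructed inputs: intact, cut mid-packet, plain text, a directory, a mistyped name."""
    files = {"good.pcap": sample_pcap(3), "cut.pcap": sample_pcap(3)[:-10],
             "text.pcap": b"not a capture"}
    with tempfile.TemporaryDirectory() as d:
        for name, data in files.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        os.mkdir(os.path.join(d, "dir.pcap"))
        names = list(files) + ["dir.pcap", "typo.pcap"]
        return {n: check_pcap(os.path.join(d, n)) for n in names}

if __name__ == "__main__":
    print(demo())
```

The packet count returned with a "truncated" status is the number of complete packets that precede the damage, which tells the caller how much of that input is still usable.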

