Wireshark-dev: Re: [Wireshark-dev] Query on loading packets using command line options
On Fri, 19 Dec 2008 10:52:10 -0800 Gerald Combs wrote:
>atdev.queries@xxxxxxxxx wrote:
>> Hi All,
>>
>> Thanks Joan and Gerald.
>>
>> Both of your approaches worked.
>> But my New query is
>> mergecap -w - file1.cap file2.cap |wiresahrk -k -i -
>> shall give me the output unsaved, i need to explicitly save it .
>> But what i need is save it to the XXX location as specified and into multiple
files of say 200KB.
>>
>> I don't know the no.of files i am merging. There may be chance of "out
>> of memory" when i load the merged output file. So it would be better if
>> I could save them into smaller files.
I don't know if I understand you correctly.
Do you first want to merge 2 or more files and next split the outputfile
into multiple files?
If so:
mergecap -w <outputfile> <inputfile> <inputfile>
$ mergecap -w mergefile1_2.cap file1.cap file2.cap
editcap -c <packets per file> <inputfile> <outputfile>
$ editcap -c 200 mergefile1_2.cap split.cap
Do you want to capture and write the output to multiple files?
If so, you can use TShark, Dumpcap or Wireshark.
TShark/Dumpcap -i <interface> -b <filesize:NUM - switch to next file after
NUM KB> -a <files:NUM - stop after NUM files> -w <outputfile>
$ dumpcap -i 2 -b filesize:200 -a files:2 -w F:\capturefiles\multiplefiles.cap
Wireshark: Capture -> Options -> Use Multiple Files
https://www.wireshark.org/docs/man-pages/mergecap.html
https://www.wireshark.org/docs/man-pages/editcap.html
https://www.wireshark.org/docs/man-pages/tshark.html
>
>Try feeding the output into dumpcap instead of Wireshark:
>
>mergecap -w - infile1.pcap infile2.pcap | dumpcap -i -w outfile -b filesize:200
Doesn't work for me:(
>
>http://www.wireshark.org/docs/man-pages/dumpcap.html
>
>--
>Join us for Sharkfest?09 | Stanford University, June 15 ? 18
>http://www.cacetech.com/sharkfest.09/
Of course
>
>EARLY REGISTRATION DISCOUNTS through JANUARY 31, 2009
>___________________________________________________________________________
>Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
>Archives: http://www.wireshark.org/lists/wireshark-dev
>Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe