Wireshark-dev: Re: [Wireshark-dev] Query on loading packets using command line options
Date: Mon, 22 Dec 2008 18:56:01 +0530
Hi All,

Thanks for all your support.

My new query: is it possible to create traffic using the existing packets I have and capture it using Wireshark?
What I mean exactly is: with the packets available to me, is it possible to create traffic within the system?
And is it possible to run Wireshark in capture mode to capture the generated traffic?

If yes, could anyone please explain to me how it can be done?

regards,
Atdev.

________________________________

From: wireshark-dev-bounces@xxxxxxxxxxxxx on behalf of j.snelders@xxxxxxxxxx
Sent: Sat 12/20/2008 3:11 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Query on loading packets using command line options




On Fri, 19 Dec 2008 10:52:10 -0800 Gerald Combs wrote:
>atdev.queries@xxxxxxxxx wrote:
>> Hi All,
>>
>> Thanks Joan and Gerald.
>>
>> Both of your approaches worked.
>> But my new query is:
>> mergecap -w - file1.cap file2.cap | wireshark -k -i -
>> shall give me the output unsaved; I need to explicitly save it.
>> But what I need is to save it to the XXX location as specified and into multiple files of say 200KB.
>>
>> I don't know the no. of files I am merging. There may be a chance of "out
>> of memory" when I load the merged output file. So it would be better if
>> I could save them into smaller files.

I don't know if I understand you correctly.
Do you first want to merge 2 or more files and next split the output file
into multiple files?
If so:
mergecap -w <outputfile> <inputfile> <inputfile>
$ mergecap -w mergefile1_2.cap file1.cap file2.cap

editcap -c <packets per file> <inputfile> <outputfile>
$ editcap -c 200 mergefile1_2.cap split.cap

Do you want to capture and write the output to multiple files?
If so, you can use TShark, Dumpcap or Wireshark.
TShark/Dumpcap -i <interface> -b <filesize:NUM - switch to next file after
NUM KB> -a <files:NUM - stop after NUM files> -w <outputfile>
$ dumpcap -i 2 -b filesize:200 -a files:2 -w F:\capturefiles\multiplefiles.cap

Wireshark: Capture -> Options -> Use Multiple Files

https://www.wireshark.org/docs/man-pages/mergecap.html
https://www.wireshark.org/docs/man-pages/editcap.html
https://www.wireshark.org/docs/man-pages/tshark.html

>
>Try feeding the output into dumpcap instead of Wireshark:
>
>mergecap -w - infile1.pcap infile2.pcap | dumpcap -i -w outfile -b filesize:200

Doesn't work for me:(

>
>http://www.wireshark.org/docs/man-pages/dumpcap.html
>
>--
>Join us for Sharkfest’09  |  Stanford University, June 15 – 18
>http://www.cacetech.com/sharkfest.09/

Of course
>
>EARLY REGISTRATION DISCOUNTS through JANUARY 31, 2009
>___________________________________________________________________________
>Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
>Archives:    http://www.wireshark.org/lists/wireshark-dev
>Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
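
Added example (not part of the original thread and not Wireshark project code): the request above is for output files of about 200KB, while `editcap -c` splits by packet count, so this sketch splits an already merged capture by byte size instead. It assumes the classic libpcap file format (not pcapng); the function names and the sample capture are constructed for illustration.

```python
import struct

PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}
GLOBAL_HDR_LEN = 24   # magic, version, thiszone, sigfigs, snaplen, linktype
RECORD_HDR_LEN = 16   # ts_sec, ts_frac, incl_len, orig_len


def split_pcap_by_size(data, max_bytes):
    """Split a classic pcap byte string into complete pcap files of at most
    max_bytes each (a single oversized packet still gets a file of its own)."""
    if len(data) < GLOBAL_HDR_LEN or data[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic libpcap file (pcapng is not handled)")
    endian = PCAP_MAGICS[data[:4]]
    global_hdr = data[:GLOBAL_HDR_LEN]
    chunks, current, offset = [], bytearray(global_hdr), GLOBAL_HDR_LEN
    while offset < len(data):
        if offset + RECORD_HDR_LEN > len(data):
            raise ValueError(f"truncated record header at offset {offset}")
        # incl_len is the number of packet bytes actually stored in the file.
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", data, offset)
        end = offset + RECORD_HDR_LEN + incl_len
        if end > len(data):
            raise ValueError(f"truncated packet at offset {offset}")
        record = data[offset:end]
        # Start a new file when this record would push the current one over.
        if len(current) > GLOBAL_HDR_LEN and len(current) + len(record) > max_bytes:
            chunks.append(bytes(current))
            current = bytearray(global_hdr)
        current += record
        offset = end
    if len(current) > GLOBAL_HDR_LEN:
        chunks.append(bytes(current))
    return chunks


def build_sample_pcap(packet_sizes):
    """Constructed sample input: Ethernet link type, zero-filled payloads."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, size in enumerate(packet_sizes):
        out += struct.pack("<IIII", i, 0, size, size) + bytes(size)
    return out
```

For the 200KB case in the thread, `max_bytes` would be `200 * 1024`; each returned chunk repeats the original global header, so it opens as a capture file on its own.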




