Wireshark-dev: Re: [Wireshark-dev] Query on loading packets using command line options
Date: Mon, 22 Dec 2008 20:06:44 +0100
Hi Atdev,

You can replay the packets using Colasoft Packet Player en capture the traffic
with TShark | Wireshark.

http://www.colasoft.com/download/products/packet_player.php

HTH
Joan

On Mon, 22 Dec 2008 18:56:01 +0530 atdev wrote:
>Hi All,
>
>Thanks for all your support.
>
>My new query: is it possible to create the traffic using the existing packets
>i have and capture them using wireshark.
>What i mean exactly is with the packets available with me  is it possible
>to create a traffic with in the system.
>And is it possible to run wireshark in capture mode to capture the generated
>traffic.
>
>If yes, could any one please explain me how it can be done?
>
>regards,
>Atdev.
>
>________________________________
>
>From: wireshark-dev-bounces@xxxxxxxxxxxxx on behalf of j.snelders@xxxxxxxxxx
>Sent: Sat 12/20/2008 3:11 AM
>To: Developer support list for Wireshark
>Subject: Re: [Wireshark-dev] Query on loading packetsusing command line
options
>
>
>
>
>On Fri, 19 Dec 2008 10:52:10 -0800 Gerald Combs wrote:
>>atdev.queries@xxxxxxxxx wrote:
>>> Hi All,
>>>
>>> Thanks Joan and Gerald.
>>>
>>> Both of your approaches worked.
>>> But my New query is
>>> mergecap -w - file1.cap file2.cap |wiresahrk -k -i -
>>> shall give me the output unsaved, i need to explicitly save it .
>>> But what i need is save it to the XXX location as specified and into
multiple
>files of say 200KB.
>>>
>>> I don't know the no.of files i am merging. There may be chance of "out
>>> of memory" when i load the merged output file. So it would be better
if
>
>>> I could save them into smaller files.
>
>I don't know if I understand you correctly.
>Do you first want to merge 2 or more files and next split the outputfile
>into multiple files?
>If so:
>mergecap -w <outputfile> <inputfile> <inputfile>
>$ mergecap -w mergefile1_2.cap file1.cap file2.cap
>
>editcap -c <packets per file> <inputfile> <outputfile>
>$ editcap -c 200 mergefile1_2.cap split.cap
>
>Do you want to capture and write the output to multiple files?
>If so, you can use TShark, Dumpcap or Wireshark.
>TShark/Dumpcap -i <interface> -b <filesize:NUM - switch to next file after
>NUM KB> -a <files:NUM - stop after NUM files> -w <outputfile>
>$ dumpcap -i 2 -b filesize:200 -a files:2 -w F:\capturefiles\multiplefiles.cap
>
>Wireshark: Capture -> Options -> Use Multiple Files
>
>https://www.wireshark.org/docs/man-pages/mergecap.html
>https://www.wireshark.org/docs/man-pages/editcap.html
>https://www.wireshark.org/docs/man-pages/tshark.html
>
>>
>>Try feeding the output into dumpcap instead of Wireshark:
>>
>>mergecap -w - infile1.pcap infile2.pcap | dumpcap -i -w outfile -b filesize:200
>
>Doesn't work for me:(
>
>>
>>http://www.wireshark.org/docs/man-pages/dumpcap.html
>>
>>--
>>Join us for Sharkfest?09  |  Stanford University, June 15 ? 18
>>http://www.cacetech.com/sharkfest.09/
>
>Of course
>>
>>EARLY REGISTRATION DISCOUNTS through JANUARY 31, 2009
>>___________________________________________________________________________
>>Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
>>Archives:    http://www.wireshark.org/lists/wireshark-dev
>>Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>>             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>
>
>
>
>
>___________________________________________________________________________
>Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
>Archives:    http://www.wireshark.org/lists/wireshark-dev
>Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>
>
>
>Please do not print this email unless it is absolutely necessary. 
>
>The information contained in this electronic message and any attachments
>to this message are intended for the exclusive use of the addressee(s) and
>may contain proprietary, confidential or privileged information. If you
are
>not the intended recipient, you should not disseminate, distribute or copy
>this e-mail. Please notify the sender immediately and destroy all copies
>of this message and any attachments. 
>
>WARNING: Computer viruses can be transmitted via email. The recipient should
>check this email and any attachments for the presence of viruses. The company
>accepts no liability for any damage caused by any virus transmitted by this
>email. 
>
>www.wipro.com
>
>Bijlage: winmail.dat
>
>___________________________________________________________________________
>Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
>Archives:    http://www.wireshark.org/lists/wireshark-dev
>Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe