Wireshark · Wireshark-dev: Re: [Wireshark-dev] Multiple input files

Wireshark-dev: Re: [Wireshark-dev] Multiple input files

From: Christopher Maynard <Christopher.Maynard@xxxxxxxxx>

Date: Thu, 5 Sep 2013 13:35:34 +0000 (UTC)

Evan Huus <eapache@...> writes:

> You can even (I think) pipe from mergecap to tshark as follows:
> 
> 
> mergecap -w - in1.pcap in2.pcap in3.pcap | tshark -Y
"dns.qry.name contains google" -o google.pcap

Just a slight correction on the tshark command-line options needed (note the
"-i -"):

mergecap -w - in1.pcap in2.pcap in3.pcap | tshark -i - -Y "dns.qry.name
contains google" -o google.pcap

Follow-Ups:
- Re: [Wireshark-dev] Multiple input files
  - From: Dario Lombardo

References:
- [Wireshark-dev] Multiple input files
  - From: Dario Lombardo
- Re: [Wireshark-dev] Multiple input files
  - From: Evan Huus

Prev by Date: Re: [Wireshark-dev] Multiple input files
Next by Date: Re: [Wireshark-dev] Multiple input files
Previous by thread: Re: [Wireshark-dev] Multiple input files
Next by thread: Re: [Wireshark-dev] Multiple input files
Index(es):
- Date
- Thread