Hi Chris,
Thank you so much for the guidance.
May I know, can we use tshark to rotate the traces every 15 sec? and can we compress into tar.gz the completed dump?
Regards
Luke
On Sunday, 13 May 2018, 1:08:32 AM GMT+8, Maynard, Chris <Christopher.Maynard@xxxxxxx> wrote:
Do you have to use
tcpdump? If you have
tshark available, then you can capture on both interfaces at the same time without the
need to merge separate capture files at all. For example:
tshark -i eth0 -i eth1 –w eth0_eth1.pcapng
From: Wireshark-users [mailto:wireshark-users-bounces@xxxxxxxxxxxxx]
On Behalf Of luke devon via Wireshark-users
Sent: Saturday, May 12, 2018 8:17 AM
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Cc: luke devon <luke_devon@xxxxxxxxx>
Subject: Re: [Wireshark-users] merge pcap from two interfaces
The reason is, the server got few more interfaces too. I want to capture specifically etho and etho1, Not other interfaces. That's why I can't use "-i any".
Alternately, run tcpdump with "-i any" to have the capture for all interfaces in the same file (unless you have good reason to
keep them separate, of course).
Regards,
Abhik
I have a server which has multiple ethernet interfaces and carrying network traffic to the system. every 15sec, roll out to the next tcpdump. Likewise, it will
generate 4 - pcap file in a minute.
eth0 will generate 4 pcap files
eth1 will generate 4 pap files.
I wanna merge respective etho and eth1 files by matching with the time stamp.
can it be done? Please help.
CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and may contain proprietary, confidential or trade secret information. This message is intended solely for the use of the addressee. If you are not the intended recipient and have received this message in error, please delete this message from your system. Any unauthorized reading, distribution, copying, or other use of this message or its attachments is strictly prohibited.