Wireshark-dev: Re: [Wireshark-dev] Query on loading packets using command line options
Date: Fri, 19 Dec 2008 12:20:00 +0530
Hi All,

Thanks Joan and Gerald.

Both of your approaches worked.
But my New query is
mergecap -w - file1.cap file2.cap |wiresahrk -k -i -
shall give me the output unsaved, i need to explicitly save it .
But what i need is save it to the XXX location as specified and into multiple files of say 200KB.

I don't know the no.of files i am merging. There may be chance of "out of memory" when i load the merged output file. So it would be better if  I could save them into smaller files.

please help me.

regards,
Atdev.

________________________________

From: wireshark-dev-bounces@xxxxxxxxxxxxx on behalf of j.snelders@xxxxxxxxxx
Sent: Thu 12/18/2008 1:35 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Query on loading packets usingcommand line options




>-- Oorspronkelijk bericht --
>Date: Wed, 17 Dec 2008 07:39:03 -0800
>From: Gerald Combs <gerald@xxxxxxxxxxxxx>
>To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
>Subject: Re: [Wireshark-dev] Query on loading packets using command
>       line    options
>Reply-To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
>
>
>j.snelders@xxxxxxxxxx wrote:
>> Hi Atdev,
>>
>> You can ust the pipe sign | , but this will start Wireshark twice.
>> wireshark -r packet1.pcap | wireshark -r packet2.cap
>>
>>
>> Or you can create file sets.
>> Rename your files like this:
>> packet1_00000_20081217000000.pcap
>> packet1_00001_20081217000000.pcap
>>
>> Start Wireshark and load on of the files.
>> Got to File -> File Set -> List Files
>> Load the other file by selecting it.
>>
>> Somehow this won't work by using the command line to start Wireshark.
>
>Does this work?
>
>mergecap -w - file1.pcap file2.pcap | wireshark -k -i -

No, this one does:
$ mergecap -w mergepacket1_and_2.pcap packet1.pcap packet2.pcap | wireshark
-r
mergepacket1_and_2.pcap




___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe



Please do not print this email unless it is absolutely necessary. 

The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. 

WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. 

www.wipro.com

<<winmail.dat>>