Wireshark-users: Re: [Wireshark-users] joincap: Merge multiple pcap files together, gracefully
From: phreakocious <phreakocious@xxxxxxxxx>
Date: Sat, 3 Nov 2018 12:21:07 -0700
If starting from the beginning is your problem when you run into one of these situations (which should be handled as suggested above) .. Why not divide things up into smaller groups and then join the final products?  This way, you only have to merge a smaller set if you run into a problem.  In many cases, 'capinfos -A' is enough to show a problem in a pcap.  Another option would be to do something like a 'tcpdump -qnr' to just read through it.  It will exit with an error code if a problem is detected...

On Sat, Nov 3, 2018 at 10:54 AM Assaf <assaf.morami@xxxxxxxxx> wrote:
You are correct. I still prefer it my way.
This helped me tremendously, and the more common "error" for me is getting a damaged pcap files rather than mistyping the command.

On Fri, Nov 2, 2018 at 7:25 PM Guy Harris <guy@xxxxxxxxxxxx> wrote:
On Nov 2, 2018, at 3:28 AM, Assaf <assaf.morami@xxxxxxxxx> wrote:

> Usually if an input file doesn't exists (2) or is a directory (3) the user can't do anything to fix this other then fixing the command line, so joincap just ignores it and saves the user some time.

If the user mistyped the pathname of a file, it only saves them time if the contents of the file whose pathname they typed didn't need to be in the resulting file.  If they *did* expect that file's packets to be in the file, they end up with a file that doesn't contain what they think it did....
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe