("tcpdump-announce" is a mailing list for announcements of new
tcpdump/libpcap releases and the like; it is not a mailing list for
questions about tcpdump and libpcap - those should be sent to
tcpdump-workers but *NOT* to tcpdump-announce.)
On Mon, Jun 10, 2002 at 10:37:36PM +0000, Derek Podoll wrote:
> I have tried cating the two files into one file by running cat test1
> test2 >> test3 this makes I file the right size but when I run the test3
> through tcpdump with the -r flag it errors out about half way through
> with (truncated dump file)
Tcpdump files consist of a file header followed by packets; if you use
"cat" to combine them, you will have a file with a file header in the
middle of the file, which is not a valid tcpdump file, so you cannot use
"cat" to combine tcpdump files.
> I have also tried tcpdump -n -r test1 -r
> test2 -w test3 but that just makes a copy of test2 to test3
Tcpdump reads only one input file, so that command will just read one
file and write to another, i.e. it will just make a copy of the file.
The mergecap utility in the Ethereal distribution:
http://www.ethereal.com/
(the ".com" nonwithstanding, it's free software; the "ethereal.org"
domain wasn't available) can be used to combine tcpdump-format capture
files.
The Pcap Utilities:
http://www.infosecalliance.com/products/pcaputils.htm
is claimed to include a "pcat" utility to combine multiple tcpdump files
into one file; however, the "DOWNLOAD NOW" link goes to the SourceForge
site for the Pcap Utilities:
http://sourceforge.net/projects/pcaputils
and there are now downloadable source tarballs - you'd have to check the
source out using anonymous CVS:
http://sourceforge.net/cvs/?group_id=44927
and build it yourself. (You're on your own doing that; I cannot help
you on that.)
There's a "tcpslice" module in the tcpdump.org CVS archive (see the
tcpdump.org Web site for information on the CVS archive), which might
also let you combine tcpdump files; however, again, you'd have to check
the source out using anonymous CVS and build it yourself.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
