On Fri, 19 Dec 2008 10:52:10 -0800 Gerald Combs wrote:
>[email protected] wrote:
>> Hi All,
>>
>> Thanks Joan and Gerald.
>>
>> Both of your approaches worked.
>> But my new query is:
>> mergecap -w - file1.cap file2.cap | wireshark -k -i -
>> shall give me the output unsaved, I need to explicitly save it.
>> But what I need is to save it to the XXX location as specified and into multiple files of say 200KB.
>>
>> I don't know the number of files I am merging. There may be a chance of "out
>> of memory" when I load the merged output file. So it would be better if
>> I could save them into smaller files.

I don't know if I understand you correctly.

Do you first want to merge 2 or more files and next split the output file into multiple files?
If so:

mergecap -w <outputfile> <inputfile> <inputfile>
$ mergecap -w mergefile1_2.cap file1.cap file2.cap

editcap -c <packets per file> <inputfile> <outputfile>
$ editcap -c 200 mergefile1_2.cap split.cap

Do you want to capture and write the output to multiple files?
If so, you can use TShark, Dumpcap or Wireshark.

TShark/Dumpcap -i <interface> -b <filesize:NUM - switch to next file after NUM KB> -a <files:NUM - stop after NUM files> -w <outputfile>
$ dumpcap -i 2 -b filesize:200 -a files:2 -w F:\capturefiles\multiplefiles.cap

Wireshark: Capture -> Options -> Use Multiple Files

https://www.wireshark.org/docs/man-pages/mergecap.html
https://www.wireshark.org/docs/man-pages/editcap.html
https://www.wireshark.org/docs/man-pages/tshark.html

>
>Try feeding the output into dumpcap instead of Wireshark:
>
>mergecap -w - infile1.pcap infile2.pcap | dumpcap -i -w outfile -b filesize:200

Doesn't work for me :(

>
>http://www.wireshark.org/docs/man-pages/dumpcap.html
>
>--
>Join us for Sharkfest'09 | Stanford University, June 15 - 18
>http://www.cacetech.com/sharkfest.09/

Of course

>
>EARLY REGISTRATION DISCOUNTS through JANUARY 31, 2009
>___________________________________________________________________________
>Sent via: Wireshark-dev mailing list <[email protected]>
>Archives: http://www.wireshark.org/lists/wireshark-dev
>Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:[email protected]?subject=unsubscribe
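The merge-then-split procedure from the reply above, done in one streaming pass so that neither the inputs nor the merged result is ever held in memory. This is an added example, not part of the original message and not Wireshark's code. It assumes classic pcap (not pcapng) inputs that are each already in time order and all use the Ethernet link type; `merge_split`, `read_packets` and the output naming are hypothetical.

```python
import heapq, os, struct, tempfile

# Classic pcap global header: little-endian, v2.4, snaplen 65535, Ethernet (assumed).
HDR = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

def read_packets(path):
    """Stream (sec, usec, orig_len, data) records without loading the file."""
    with open(path, "rb") as f:
        magic = f.read(24)[:4]
        if magic not in (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4"):
            raise ValueError(f"{path}: not a classic pcap file")
        fmt = ("<" if magic[0] == 0xD4 else ">") + "IIII"
        while len(rec := f.read(16)) == 16:
            sec, usec, caplen, origlen = struct.unpack(fmt, rec)
            data = f.read(caplen)
            if len(data) < caplen:
                break                    # truncated last record: drop it
            yield sec, usec, origlen, data

def merge_split(inputs, prefix, max_bytes=200 * 1024):
    """Merge inputs by timestamp, rotating output at max_bytes. Returns paths."""
    paths, out, size = [], None, 0
    merged = heapq.merge(*map(read_packets, inputs), key=lambda p: p[:2])
    for sec, usec, origlen, data in merged:
        rec = struct.pack("<IIII", sec, usec, len(data), origlen) + data
        # Rotate before the limit is crossed; an oversized packet gets its own file.
        if out is None or (size > len(HDR) and size + len(rec) > max_bytes):
            if out:
                out.close()
            paths.append(f"{prefix}_{len(paths):05d}.pcap")
            out = open(paths[-1], "wb")
            out.write(HDR)
            size = len(HDR)
        out.write(rec)
        size += len(rec)
    if out:
        out.close()
    return paths

def demo():
    """Constructed input: two small captures with interleaved timestamps."""
    d, names = tempfile.mkdtemp(), []
    for name, stamps in (("file1.cap", (1, 3, 5)), ("file2.cap", (2, 4, 6))):
        names.append(os.path.join(d, name))
        with open(names[-1], "wb") as f:
            f.write(HDR)
            for sec in stamps:
                f.write(struct.pack("<IIII", sec, 0, 100, 100) + bytes(100))
    parts = merge_split(names, os.path.join(d, "split"), max_bytes=300)
    order = [[p[0] for p in read_packets(x)] for x in parts]
    return order, [os.path.getsize(x) for x in parts]
```

Unlike `editcap -c`, which splits by packet count, the rotation here is by bytes written, which is what the 200KB requirement in the question asks for.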
