I created a simple script for merging many files with the option of filtering 
using display filters.  Note the following script was intended for use on *inux 
systems.  Your mileage may vary.

----------------- MergePackets.sh ----------------
#!/bin/sh

if [ "$2x" = "x" ];
        then
        echo "$0 <Path> <DisplayFilter> [<OutputFile>]"
        echo " "
        echo "The purpose of this script is to take all capture files in a directory"
        echo "and create a single file that is filtered based on the input string."
        echo " "
        echo "This string could be an IP address, \"ip.addr == 1.1.1.1\""
        echo "or a port number \"tcp.port == 1720\", etc."
        echo " "
        echo "The input must be in a display filter format."
        echo " "
        echo "If you are using a wildcard in the <Path>, please enclose with \" \" marks"
        echo " "
        echo "If OutputFile is not specified, the output will be to stdout"
        echo " "
        exit 1
fi

# Change below if Wireshark is not installed and you are using Ethereal
SHARK=tshark
#SHARK=tethereal

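# Create file list; a directory argument means every file inside it
if [ -d "$1" ];
        then
        FILELIST=`ls -d "$1"/*`
        else
        # Left unquoted on purpose so a quoted wildcard expands here
        FILELIST=`ls -d $1`
        fi
# Private, unpredictable temp directory instead of a fixed name in /tmp
TEMPDIR=`mktemp -d` || exit 1
i=1
for I in $FILELIST;
        do
        # Progress goes to stderr so it cannot mix with capture data on stdout
        echo "$i $I $2" >&2
        # Strip the directory part so the temp file name has no path separators
        BASE=`basename "$I"`
        # Newer tshark releases use -Y instead of -R for a single-pass display filter
        # Portable redirection: "&>" is not understood by every /bin/sh
        $SHARK -r "$I" -w "$TEMPDIR/~$BASE-$i" -R "$2" >/dev/null 2>&1
        i=$((i + 1))
        done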

if [ "$3x" = "x" ];
        then
        # if here use stdout
        OUTFILE="-"
        else
        OUTFILE=$3
        fi

# Quote the paths so spaces in the output name or temp directory are safe
mergecap -w "$OUTFILE" "$TEMPDIR"/~*
rm -r "$TEMPDIR"

----------------------- End MergePackets.sh ---------------

Good Luck
Alex Lindberg



      
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    http://www.wireshark.org/lists/wireshark-dev