Hi All, I tried the following command to load the packets. $mergecap -w merge1_2.cap input1.cap input2.cap|wireshark -w chopped.cap -b filesize:200 -a files:4 -i 2 merge1_2.cap
But i havn't got any file as chopped.cap after the execution. It simply loaded merge1_2.cap. Could any one explain me how to get the expected behaviour. thanks and regards, Atdev. ________________________________ From: [email protected] on behalf of Alex Lindberg Sent: Sat 12/20/2008 6:32 AM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Query on loading packets using command lineoptions I created a simple script for merging many files with the option of filtering using display filters. Note the following script was intended for use on *inux systems. Your mileage may very. ----------------- MergePackets.sh ---------------- #!/bin/sh if [ "$2x" = "x" ]; then echo "$0 <Path> <DisplayFilter> [<OutputFile>]" echo " " echo "The purpose of this script is to take all capture files in a directory" echo "and create a single file that is filtered based on the input string." echo " " echo "This string could be an IP address, \"ip.addr == 1.1.1.1\"" echo "or a port nunmber \"tcp.port == 1720\", etc." echo " " echo "The input must be in a display filter format." echo " " echo "If you are using a wildcard in the <Path>, please inclose with \" \" marks" echo " " echo "If OutputFile is not specified, the output will be to stdout" echo " " exit 1 fi # Change below if Wireshark is not installed and you are using Ethereal SHARK=tshark #SHARK=tethereal # Create file list FILELIST=`ls $1` TEMPDIR=/tmp/foobar mkdir $TEMPDIR i=1 for I in $FILELIST; do echo "$i $I $2" $SHARK -r $I -w $TEMPDIR/~$I-$i -R "$2" &>/dev/null i=`echo $i+1|bc` done if [ "$3x" = "x" ]; then # if here use stdout OUTFILE="-" else OUTFILE=$3 fi mergecap -w $OUTFILE $TEMPDIR/~* rm -r $TEMPDIR ----------------------- End MergePackets.sh --------------- Good Luck Alex Lindberg ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe Please do not print this email unless it is absolutely necessary. The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com
<<winmail.dat>>
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
