Hi Atdev, Your command line: > $mergecap -w merge1_2.cap input1.cap input2.cap|wireshark -w chopped.cap -b filesize:200 -a files:4 -i 2 merge1_2.cap
If you want to split a capture file in multiple files, you have to use editcap (and not Wireshark): editcap -c <packets per file> <inputfile> <outputfile> $ editcap -c 200 merge1_2.cap split.cap Wireshark options -b (Capture output: ringbuffer) -a (Capture stop conditions: autostop) You only use the options -b and -a in Wireshark or TShark, if you want to start a life capture and you want to send the output to multiple files. For all the options take a look at wireshark -h or http://www.wireshark.org/docs/man-pages/wireshark.html > Could any one explain me how to get the expected behaviour. $mergecap -w merge1_2.cap input1.cap input2.cap $editcap -c 200 merge1_2.cap split.cap The output will be something like: split.cap-00000 split.cap-00001 split.cap-00002 etc. You can open those files with Wireshark or TShark. $ wireshark -r split.cap-00000 $ tshark -r split.cap-00000 Hope this helps Joan On Mon, 22 Dec 2008 19:01:28 +0530 atdev wrote: >Hi All, > >I tried the following command to load the packets. >$mergecap -w merge1_2.cap input1.cap input2.cap|wireshark -w chopped.cap >-b filesize:200 -a files:4 -i 2 merge1_2.cap > >But i havn't got any file as chopped.cap after the execution. It simply loaded >merge1_2.cap. >Could any one explain me how to get the expected behaviour. > >thanks and regards, >Atdev. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
