Evan Huus <eapache@...> writes: > You can even (I think) pipe from mergecap to tshark as follows: > > > mergecap -w - in1.pcap in2.pcap in3.pcap | tshark -Y "dns.qry.name contains google" -o google.pcap
Just a slight correction on the tshark command-line options needed (note the "-i -"): mergecap -w - in1.pcap in2.pcap in3.pcap | tshark -i - -Y "dns.qry.name contains google" -o google.pcap ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
