Hans Nilsson wrote: > How complicated is it to merge two capture files? Do you have to change > much data in them or basically strip the headers of the second file and > then append it to the first?
The answer to both of them is "no", because merging doesn't mean changing the data in the packets, but it also doesn't mean concatenating, it means *merging*, which is, by default, done by time stamp, so the packets are sorted by time stamp (under the assumption that the input files are sorted by time stamp). It also can mean changing the per-packet record headers, as you might be merging two different types of capture files, e.g. a libpcap-format file and a Sniffer-format file. Therefore, merging involves reading all the input files and writing out a single output file. _______________________________________________ Wireshark-users mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-users
