tcpdump mailing list archives

Re: tool to reorder packets of a pcap?

From: Guy Harris <guy () alum mit edu>
Date: Tue, 5 Feb 2013 10:05:33 -0800


On Jan 24, 2013, at 2:43 AM, rixed () happyleptic org wrote:

I have a set of pcap files which packets are not stricly ordered according to packet timestamp.
I'd like a tool to reorder such packets according to timestamp (without altering packet timestamp
by by swapping packets in the file).

I couldn't find such tool - should I write one or did I missed something obvious?


According to

        http://ask.wireshark.org/questions/18190/utility-to-sort-pcap-or-pcapng-capture-file-based-on-timestamp

there's a "reordercap" utility in the current development version of Wireshark that can do that:

   Reordercap is a program that reads an input capture file and rewrites
   the frames to an output capture file, but with the frames sorted by
   increasing timestamp.

   This functionality may be useful when capture files have been created
   by combining frames from more than one well-synchronised source, but
   the frames have not been combined in strict time order.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

Current thread:

tool to reorder packets of a pcap? rixed (Feb 05)
- Re: tool to reorder packets of a pcap? Guy Harris (Feb 05)
- Re: tool to reorder packets of a pcap? rixed (Feb 20)
  - Re: tool to reorder packets of a pcap? Bill Fenner (Feb 21)
- Re: tool to reorder packets of a pcap? Aaron Turner (Feb 20)