Wireshark mailing list archives
Re: Multiple input files
From: Evan Huus <eapache () gmail com>
Date: Thu, 5 Sep 2013 09:26:06 -0400
On Thu, Sep 5, 2013 at 9:19 AM, Dario Lombardo <dario.lombardo.ml () gmail com>wrote:
Hi list I was trying to change the code of tshark to support multiple -r switches. The aim is to have many input files and one output file. Before getting mad in changing it, I was wondering if it makes sense or not, and if it was addressed before in some way. An example of use of it: tshark -r input1.pcap -r input2.pcap -r input3.pcap -Y "dns.qry.name contains google" -o google.pcap Thanks for your suggestions.
Mergecap already does this, but can't filter. Still, it's easy enough to use mergecap to merge the files, and then filter it second (or filter them individually first, then merge the filtered files). You can even (I think) pipe from mergecap to tshark as follows: mergecap -w - in1.pcap in2.pcap in3.pcap | tshark -Y "dns.qry.name contains google" -o google.pcap
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Multiple input files Dario Lombardo (Sep 05)
- Re: Multiple input files Evan Huus (Sep 05)
- Re: Multiple input files Evan Huus (Sep 05)
- Re: Multiple input files Dario Lombardo (Sep 05)
- Re: Multiple input files jasper . sharklists (Sep 05)
- Re: Multiple input files Christopher Maynard (Sep 05)
- Re: Multiple input files Evan Huus (Sep 05)
- Re: Multiple input files Evan Huus (Sep 05)
- Re: Multiple input files Christopher Maynard (Sep 05)
- Re: Multiple input files Dario Lombardo (Sep 06)
- Re: Multiple input files Christopher Maynard (Sep 06)
- Re: Multiple input files Dario Lombardo (Sep 10)