Wireshark mailing list archives
Re: Multiple input files
From: Christopher Maynard <Christopher.Maynard () gtech com>
Date: Thu, 5 Sep 2013 16:18:31 +0000 (UTC)
<jasper.sharklists@...> writes:
You could use a batch script to do what you want, like for %%a IN (*.pcap) DO tshark.exe -r "%%a" -R "dns.qry.name
contains google" -w "filtered_%%a"
mergecap -a -w all-google-queries.pcap filtered*.pcap
Great idea Jasper! I was thinking the same thing, only that it might be nicer if mergecap supported reading from stdin, so that you could then have a script along the lines of the following to avoid creating so many temporary files. I don't know which method would be more efficient though - i.e., merge 1 file at a time or merge them all together at the end. #!/bin/sh if (( ${#} < 3 )) then echo "Usage: $0 <directory> <filter> <outfile>" exit 0 fi tmpfile=__tmp.pcap filter=$2 outfile=$3 rm -f $tmpfile touch $tmpfile for file in `ls -1 $1` do wireshark-gtk2/tshark.exe -r $1/$file -Y "$filter" -F libpcap -w - | wireshark-gtk2/mergecap.exe -w $outfile - $tmpfile cp -f $outfile $tmpfile done rm -f $tmpfile echo "Done merging files in $1/ to $outfile" ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Multiple input files Dario Lombardo (Sep 05)
- Re: Multiple input files Evan Huus (Sep 05)
- Re: Multiple input files Evan Huus (Sep 05)
- Re: Multiple input files Dario Lombardo (Sep 05)
- Re: Multiple input files jasper . sharklists (Sep 05)
- Re: Multiple input files Christopher Maynard (Sep 05)
- Re: Multiple input files Evan Huus (Sep 05)
- Re: Multiple input files Evan Huus (Sep 05)
- Re: Multiple input files Christopher Maynard (Sep 05)
- Re: Multiple input files Dario Lombardo (Sep 06)
- Re: Multiple input files Christopher Maynard (Sep 06)
- Re: Multiple input files Dario Lombardo (Sep 10)