Wireshark mailing list archives
Re: merge pcap from two interfaces
From: "Maynard, Chris" <Christopher.Maynard () IGT com>
Date: Sat, 12 May 2018 17:08:14 +0000
Do you have to use tcpdump? If you have tshark available, then you can capture on both interfaces at the same time without the need to merge separate capture files at all. For example: tshark -i eth0 -i eth1 –w eth0_eth1.pcapng Refer to the tshark[1] (or dumpcap[2]) man pages for more information. - Chris [1]: https://www.wireshark.org/docs/man-pages/tshark.html [2]: https://www.wireshark.org/docs/man-pages/dumpcap.html From: Wireshark-users [mailto:wireshark-users-bounces () wireshark org] On Behalf Of luke devon via Wireshark-users Sent: Saturday, May 12, 2018 8:17 AM To: Community support list for Wireshark <wireshark-users () wireshark org> Cc: luke devon <luke_devon () yahoo com> Subject: Re: [Wireshark-users] merge pcap from two interfaces Hi Abhik, Thank you for the reply. The reason is, the server got few more interfaces too. I want to capture specifically etho and etho1, Not other interfaces. That's why I can't use "-i any". Regards Luke On Saturday, 12 May 2018, 6:38:55 PM GMT+8, Abhik Sarkar <sarkar.abhik () gmail com<mailto:sarkar.abhik () gmail com>> wrote: Hi Luke, You could use mergecap (https://www.wireshark.org/docs/wsug_html_chunked/AppToolsmergecap.html). Alternately, run tcpdump with "-i any" to have the capture for all interfaces in the same file (unless you have good reason to keep them separate, of course). Regards, Abhik On 12 May 2018 at 14:14, luke devon via Wireshark-users <wireshark-users () wireshark org<mailto:wireshark-users () wireshark org>> wrote: Hi I have a server which has multiple ethernet interfaces and carrying network traffic to the system. every 15sec, roll out to the next tcpdump. Likewise, it will generate 4 - pcap file in a minute. eth0 will generate 4 pcap files eth1 will generate 4 pap files. I wanna merge respective etho and eth1 files by matching with the time stamp. can it be done? Please help. Thank you Luke CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and may contain proprietary, confidential or trade secret information. This message is intended solely for the use of the addressee. If you are not the intended recipient and have received this message in error, please delete this message from your system. Any unauthorized reading, distribution, copying, or other use of this message or its attachments is strictly prohibited.
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- merge pcap from two interfaces luke devon via Wireshark-users (May 12)
- Re: merge pcap from two interfaces Abhik Sarkar (May 12)
- Re: merge pcap from two interfaces luke devon via Wireshark-users (May 12)
- Re: merge pcap from two interfaces Maynard, Chris (May 12)
- Re: merge pcap from two interfaces luke devon via Wireshark-users (May 12)
- Re: merge pcap from two interfaces luke devon via Wireshark-users (May 13)
- Re: merge pcap from two interfaces Maynard, Chris (May 13)
- Re: merge pcap from two interfaces luke devon via Wireshark-users (May 13)
- Re: merge pcap from two interfaces luke devon via Wireshark-users (May 12)
- Re: merge pcap from two interfaces Abhik Sarkar (May 12)