Wireshark mailing list archives
Re: mergecap doesn't merge
From: Martin Visser <martinvisser99 () gmail com>
Date: Thu, 25 Mar 2010 14:00:37 +1100
Assuming the clocks are stable (not drifting) then you would expect the offset across the two traces to be constant. If the two traces have related (or even the same traffic) and you know the approximate delay time across the network then just use this as well as the offset you see between the same (or associated packets) Regards, Martin MartinVisser99 () gmail com On Thu, Mar 25, 2010 at 1:20 AM, Frank Schuster <frank.schuster01 () web de>wrote:
Yes, the start time is different but is there an easy way to synchronize both? I can calculate the difference but that is not really fun :) But if it the only way it is ok.... FrankOn 24 mrt 2010, at 14:18, Frank Schuster wrote:I want to merge two files into one file, no append!!! Both files begin at timestamp 0.0000s.I assume that the relative timestamps in each file begin at 0.00s.Mergecap does the merging based on the absolute timestamp in the tracefiles, which makes more sense.What is the output of the command "capinfos -Tae firstfile.capsecondfile.cap"?I tried this command: mergecap -w outputfile.pcap firstfile.pcap secondfile.pcap But I get an mergefile, where the firstfile.pcap is the first one andbetween the files are a pause of 17 seconds.What I do wrong, why it didn't merge?I assume both files were made on different systems and that the clock onthese systems were not synchronized. You should compensate for the difference by using "editcap -t". You can find a presentation on how to do that at ___________________________________________________________ GRATIS für alle WEB.DE-Nutzer: Die maxdome Movie-FLAT! Jetzt freischalten unter http://movieflat.web.de ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- mergecap doesn't merge Frank Schuster (Mar 24)
- Re: mergecap doesn't merge Sake Blok (Mar 24)
- Re: mergecap doesn't merge Frank Schuster (Mar 24)
- Re: mergecap doesn't merge Martin Visser (Mar 24)
- Re: mergecap doesn't merge Frank Schuster (Mar 24)
- Re: mergecap doesn't merge Sake Blok (Mar 24)