Wireshark mailing list archives

Re: Analyzing many pcap files with tshark

From: Maverick <myeaddress () gmail com>
Date: Tue, 26 Oct 2010 22:31:58 -0400

Yeah but I have huge file sizes in tens of gbs and merging them first
doesn't seem like a good idea so I thought there must be some way to do this
analysis on all files.

So how this analysis is usually done? People work on individual files and
than use some other tool to collect the results of individual tool may be I
can take that approach.

Thanks
MAK


On Tue, Oct 26, 2010 at 5:53 PM, Stephen Fisher <steve () stephen-fisher com>wrote:

On Tue, Oct 26, 2010 at 07:40:33AM -0700, Maverick wrote:

Is it possible to give many pcap files to tshark to be processed at
the same time.


No, but you can use the mergecap program that comes with Wireshark to
combine multiple capture files into one.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org
?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Analyzing many pcap files with tshark Maverick (Oct 26)
- Re: Analyzing many pcap files with tshark Boonie (Oct 26)
- Re: Analyzing many pcap files with tshark Stephen Fisher (Oct 26)
  - Re: Analyzing many pcap files with tshark Maverick (Oct 26)
    - Re: Analyzing many pcap files with tshark Guy Harris (Oct 26)
    - Re: Analyzing many pcap files with tshark Maverick (Oct 27)