Wireshark mailing list archives

Re: Multiple input files

From: Christopher Maynard <Christopher.Maynard () gtech com>
Date: Thu, 5 Sep 2013 13:35:34 +0000 (UTC)

Evan Huus <eapache@...> writes:

You can even (I think) pipe from mergecap to tshark as follows:


mergecap -w - in1.pcap in2.pcap in3.pcap | tshark -Y

"dns.qry.name contains google" -o google.pcap

Just a slight correction on the tshark command-line options needed (note the
"-i -"):

mergecap -w - in1.pcap in2.pcap in3.pcap | tshark -i - -Y "dns.qry.name
contains google" -o google.pcap


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Multiple input files Dario Lombardo (Sep 05)
- Re: Multiple input files Evan Huus (Sep 05)
  - Re: Multiple input files Evan Huus (Sep 05)
    - Re: Multiple input files Dario Lombardo (Sep 05)
    - Re: Multiple input files jasper . sharklists (Sep 05)
    - Re: Multiple input files Christopher Maynard (Sep 05)
  - Re: Multiple input files Christopher Maynard (Sep 05)
    - Re: Multiple input files Dario Lombardo (Sep 06)
    - Re: Multiple input files Christopher Maynard (Sep 06)
    - Re: Multiple input files Dario Lombardo (Sep 10)
- Re: Multiple input files Christopher Maynard (Sep 05)