Re: Multiple input files

[Christopher Maynard <Christopher.Maynard () gtech com>]

 <jasper.sharklists@...> writes:

> You could use a batch script to do what you want, like
>         for %%a IN (*.pcap) DO tshark.exe -r "%%a" -R "dns.qry.name
contains google" -w "filtered_%%a"
>         mergecap -a -w all-google-queries.pcap filtered*.pcap

Great idea Jasper!  I was thinking the same thing, only that it might be
nicer if mergecap supported reading from stdin, so that you could then have
a script along the lines of the following to avoid creating so many
temporary files.  I don't know which method would be more efficient though -
i.e., merge 1 file at a time or merge them all together at the end.

#!/bin/sh

if (( ${#} < 3 ))
then
        echo "Usage: $0 <directory> <filter> <outfile>"
        exit 0
fi

tmpfile=__tmp.pcap
filter=$2
outfile=$3

rm -f $tmpfile
touch $tmpfile
for file in `ls -1 $1`
do
        wireshark-gtk2/tshark.exe -r $1/$file -Y "$filter" -F libpcap -w - |
wireshark-gtk2/mergecap.exe -w $outfile - $tmpfile
        cp -f $outfile $tmpfile
done
rm -f $tmpfile
echo "Done merging files in $1/ to $outfile"
 

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe