This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Mergecap not working

0

Good Morning,

I was trying to capture several pcap files into one. I placed/saved the files on the desktop. Now on the recommendation of the book i entered the book verbatim, but i could not get it to work.Would you mind telling me how it works.

alt text

What do you think could be the reason.

1) Do i have to save the files in a different directory. 2) Seperately install mergecap.

Thanks Bharat CP

asked 07 Jan '14, 03:41

BharatNT2IE's gravatar image

BharatNT2IE
6558
accept rate: 0%


One Answer:

4

You don't mention which book you are using, but it should have a section for Windows users on making sure that the wireshark binaries (which includes mergecap) is on your path.

The command shell is telling you that it doesn't know anything about mergecap, you'll need to adjust the path to include the wireshark binary path. Try executing

set PATH=%PATH%;path\to\wireshark

in your command shell, replacing path\to\wireshark with the actual path to wireshark on your machine, likely to be either C:\Program Files\Wireshark or C:\Program Files (x86)\Wireshark but it does depend on what OS you have and the version of Wireshark and the installation choices you made.

answered 07 Jan '14, 03:52

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

Wireshark 101 essential, the official wireshark one, i just looked at the glossary and it indicated me to that syntax, it should have been Windows, because the terminal looked like windows, but i will try your suggestion.

(07 Jan '14, 04:04) BharatNT2IE

Graham,

Thank you for you help. All i did was to place the file in the default c folder, where the wireshark was installed, thank you very much, I will also try to get the path file.

So i did it in Windows 8 this is the path if anyone need to merge files.

C:\Program Files\Wireshark>mergecap -w Meg.pcap Mergexxx.

keep these files in the folder above and run the command.

Thanks Bharat C P

It worked Voila!!!!!

P.S. You might want to run the CMD as administrator.

(07 Jan '14, 04:35) BharatNT2IE
2

Its not a good idea to put capture files (or any data files you work with) into the program installation path. You should add the program installation path to the search path as @grahamb said.

(07 Jan '14, 05:09) Jasper ♦♦

Jasper,

Yes, i will try that out and definitely get back to the group, i think i owe Graham that much. But for my purpose now it is served, but i will let the group know, i was just a bit unclear on the syntax, i will definitely let you know.

Thanks Bharat C P

(07 Jan '14, 05:11) BharatNT2IE

Graham,

Thank you that worked, i was not sure of the working of the commands of that instruction

set PATH=%PATH%;path\to\wireshark

I have never used this command before, mix up by me. I followed your instruction verbatim and i got the desired results.

Here here goes, i hope some one can benefit from this.

alt text

Once again appreciate it.

Thanks Bharat C P

alt text

alt text

(07 Jan '14, 07:22) BharatNT2IE

Graham,

I am not quite done yet. Sorry about that,the previous example that was shown, i was merging files in windows. But this set i was trying to merge files that i took of MAC OSX. the problem that i am encountering

mergecap: Can't open or create xx.pcap: Files from that network type can't be saved in that format

the same syntax.

Please try to guide me in the right train of tought i am thinking MAC OSX the files by default are in libpcap, files, i even tried to change the extenstion to libpcap, with the same undesired result. Anay one is open for suggestion.

BTW. I was able to merge in MAC the group of files. But i wanted to know in the event of merging in MAC and find. Please any suggestion are welcome.

Thanks Bharat C P

(07 Jan '14, 08:55) BharatNT2IE

Graham, I do not seem to be able to view any of our comments is it a know bug.

Thanks Bharat

(07 Jan '14, 09:40) BharatNT2IE
showing 5 of 7 show 2 more comments