Hi, is there a way to filter out packets using tshark on multiple pcap or cap files? I have tried different variations but it has not worked; it only works when I explicitly specify the full file name. example: This will not work Thanks, Sunil
asked 16 Oct '14, 14:49 Sunny
2 Answers:
TShark doesn't support reading multiple capture files, so you can't run a single instance of TShark on multiple files. You'd have to run TShark separately once per file, or merge the captures into a single capture file using mergecap and run TShark on the merged file.
answered 16 Oct '14, 15:04 Guy Harris ♦♦
for file in *.pcap; do
    echo "$file"
    # Single-quote the whole display filter so the inner double quotes reach tshark
    tshark -n -r "$file" -Y 'http.host == "keyword:443"'
done
answered 07 Jan '15, 22:32 bnx2
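The two approaches from the answers above (one TShark run per file, or mergecap followed by a single run), as an added example that is not part of the original thread. The function names `filter_each` and `filter_merged` are hypothetical, and `tshark` and `mergecap` are assumed to be on PATH.

```shell
#!/bin/sh
# Added example (not from the thread): one display filter over many captures.
# Assumes tshark and mergecap are on PATH; function names are hypothetical.
#
# Usage: filter_each   'http.host == "keyword:443"' *.pcap *.cap
#        filter_merged 'http.host == "keyword:443"' *.pcap *.cap

# Run tshark once per capture and label the output with the file name.
# Returns non-zero if none of the arguments was a readable regular file.
filter_each() {
    filter=$1; shift
    seen=0
    for f in "$@"; do
        # A glob that matched nothing (e.g. *.cap) arrives as a literal; skip it.
        [ -f "$f" ] || continue
        seen=1
        echo "== $f"
        tshark -n -r "$f" -Y "$filter" || echo "tshark failed on $f" >&2
    done
    [ "$seen" -eq 1 ]
}

# Merge the captures with mergecap (packets are ordered by timestamp),
# then run tshark once on the merged file and clean it up afterwards.
filter_merged() {
    filter=$1; shift
    # Rebuild the argument list so it holds only files that exist.
    n=$#
    for f in "$@"; do
        if [ -f "$f" ]; then set -- "$@" "$f"; fi
    done
    shift "$n"
    [ $# -gt 0 ] || return 1
    merged=$(mktemp) || return 1
    mergecap -w "$merged" "$@" && tshark -n -r "$merged" -Y "$filter"
    rc=$?
    rm -f "$merged"
    return $rc
}
```

`filter_each` keeps the per-file attribution of each hit, while `filter_merged` gives one time-ordered result across all files but no longer shows which capture a packet came from.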