Well i have a question. im using a mini pc with two ports and a network tap. then i connect to create a file by each interface. this files was capturing a Rx and Tx individual. router -------- Mini PC and network tap, Rx to eth0 and Tx to eth1 capturare and save on pcap file each hour ------------ PC there is any software to combine theses two file in one. i will thank you a lot.
asked 02 Jun '15, 21:22  Juan Carlos ... |
2 Answers:
Use wireshark's "mergecap" utility, or in Wireshark's GUI go to File -> Merge, load the second file into the first, and save it as a new combined file. In both cases you have options, but the default (suggested in this case) is a chronological merge on packet timestamps. Edit: If you're doing this each hour, I definitely suggest a "mergecap" command line statement scripted to run when the hourly capture files are finished. answered 02 Jun '15, 21:51  Quadratic edited 02 Jun '15, 21:53 |
Uhm, better yet, why don't you capture into a single file on both cards at the same time? Wireshark/dumpcap support capturing from multiple NICs since version 1.8., so there's no need to merge afterwards. answered 03 Jun '15, 05:31  Jasper ♦♦ thanks jasper (03 Jun '15, 07:18) Juan Carlos ... |
thanks a lot Quadratic