This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Network tap: combine two pcap files, Tx with Rx. I can pay for help

0

Well, I have a question.

I'm using a mini PC with two ports and a network tap. Then I connect to create a file for each interface. These files were capturing Rx and Tx individually.

router -------- Mini PC and network tap, Rx to eth0 and Tx to eth1, capture and save to a pcap file each hour ------------ PC

Is there any software to combine these two files into one?

I will thank you a lot.

asked 02 Jun '15, 21:22

Juan Carlos ...


2 Answers:

1

Use Wireshark's "mergecap" utility, or in Wireshark's GUI go to File -> Merge, load the second file into the first, and save it as a new combined file. In both cases you have options, but the default (suggested in this case) is a chronological merge on packet timestamps.

Edit: If you're doing this each hour, I definitely suggest a "mergecap" command line statement scripted to run when the hourly capture files are finished.

answered 02 Jun '15, 21:51

Quadratic

edited 02 Jun '15, 21:53

Thanks a lot, Quadratic

(03 Jun '15, 07:18) Juan Carlos ...
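
The scripted hourly merge suggested in the answer above, as an added example that is not part of the original thread. The file naming (`eth0_<stamp>.pcap`, `eth1_<stamp>.pcap`, `merged_<stamp>.pcapng`), the `MERGECAP` override variable and the assumption that both interfaces rotate files at the same time are hypothetical; only `mergecap -w` and its default chronological merge come from the tool itself.

```shell
#!/bin/sh
# Added example: merge finished hourly Rx/Tx tap captures with mergecap.
# Assumed (not from the thread): captures live in one directory as
#   eth0_<stamp>.pcap (Rx) and eth1_<stamp>.pcap (Tx), where <stamp> has no
#   spaces and sorts chronologically (e.g. 2015060221), both interfaces
#   rotate files together, and the merged file is merged_<stamp>.pcapng.
#   MERGECAP is a hypothetical override for the mergecap binary.
MERGECAP="${MERGECAP:-mergecap}"

# Print stamps that are safe to merge: the capture has rotated to a newer
# eth0 file (so this hour is closed), the eth1 half exists, and no merged
# output exists yet. Glob results are sorted, so the newest is never printed.
ready_stamps() {
    dir=$1; prev=""
    for f in "$dir"/eth0_*.pcap; do
        [ -e "$f" ] || continue
        if [ -n "$prev" ] && [ -e "$dir/eth1_$prev.pcap" ] \
            && [ ! -e "$dir/merged_$prev.pcapng" ]; then
            printf '%s\n' "$prev"
        fi
        prev=${f##*/eth0_}; prev=${prev%.pcap}
    done
}

# Merge every ready pair (mergecap orders packets by timestamp by default)
# and print how many pairs were merged.
merge_ready() {
    dir=$1; count=0
    for stamp in $(ready_stamps "$dir"); do
        tmp="$dir/.merged_$stamp.tmp"
        if "$MERGECAP" -w "$tmp" "$dir/eth0_$stamp.pcap" "$dir/eth1_$stamp.pcap"; then
            mv "$tmp" "$dir/merged_$stamp.pcapng"   # publish only complete output
            count=$((count + 1))
        else
            rm -f "$tmp"
            echo "mergecap failed for $stamp; inputs kept" >&2
        fi
    done
    echo "$count"
}

# Cron usage (a few minutes past each hour): merge_captures.sh /path/to/captures
if [ "$#" -ge 1 ]; then
    merge_ready "$1"
fi
```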

1

Uhm, better yet, why don't you capture into a single file on both cards at the same time? Wireshark/dumpcap support capturing from multiple NICs since version 1.8, so there's no need to merge afterwards.

answered 03 Jun '15, 05:31

Jasper ♦♦

Thanks, Jasper

(03 Jun '15, 07:18) Juan Carlos ...