Writing out files every 5 minutes. Trying to trace a VOIP call that was over 15 minutes in length. Only getting 1st 5 minutes. How do I find the rest of the call ?? asked 11 Aug '15, 09:15  rtorrey |
2 Answers:
If your problem is, that the call has been splitted into 3 files, then you could use the tool mergecap to merge these files into one. Mergecap is part of the wireshark package. After you have merged the tracefiles you should be able to find the rest of the call. answered 11 Aug '15, 09:54  Christian_R edited 13 Aug '15, 14:42 |
use mergecap. It will merge separeted pcap file into one big pcap, and than open by wireshark. SYNOPSIS mergecap [ -a ] [ -F <file format=""> ] [ -h ] [ -s <snaplen> ] [ -T <encapsulation type=""> ] [ -v ] -w <outfile>|- <infile> [<infile> ...] mergecap -w result.pcap 1_part.pcap 2_part.pcap 3_part.pcap ... answered 13 Aug '15, 14:40  Sindar |
