Use Mergecap to merge multiple capture files (Wireshark)

Others 2021-03-02 02:13:36 views: null

Mergecap syntax:
[root@localhost exception_pcap]# mergecap -h
Mergecap 1.10.14 (Git Rev Unknown from unknown)
Merge two or more capture files into one. (//Merge two or more capture files into one file)
See http ://www.wireshark.org for more information.
Usage: mergecap [options] -w <outfile>|- <infile> [<infile> ...]
Output:
  -a concatenate rather than merge files. //Connect ( File) instead of merging files
                    default is to merge based on frame timestamps. //The default is to merge based on frame timestamps
  -s <snaplen> truncate packets to <snaplen> bytes of data. //Truncate the data packet to <snaplen> Bytes of data, -s must be followed by a decimal number (the default is 186 bytes)
  -w <outfile>|- set the output filename to <outfile> or'-' for stdout. //Set (specify) the output file name
  -F <capture type> set the output file type; default is pcapng. //Set Output file type; the default is pcapng
                    an empty "-F" option will list the file types. //
  -T <encap type> set the output file encapsulation type; //Set the output file encapsulation type
                    default is the same as the first input file. //The default value is the same as the first input file.
                    an empty "-T" option will list the encapsulation types. //
Miscellaneous:
  -h display this help and exit. //display this help and exit
  -v verbose output. //output parameters

My environment: Wireshark is installed in the Wireshark folder under Program Files on the C drive, and the source files are placed under the packet folder on the C drive

Instructions:

1. Open the command prompt as an administrator

2. Use the cd command to open the path where Wireshark is located

3. Use the mergecap command to merge files

Note:

①If you do not write the specific target address and write the generated file name directly, the merged file will be in the Wireshark installation directory

②The "*" symbol is a wildcard

③The command entered in the command prompt cannot contain Chinese, otherwise an error will be reported

 

The above method of use is personally tested, if you have any questions, welcome to communicate

Guess you like

Origin blog.csdn.net/Alex_1117/article/details/114248617
Recommended
Ranking
Empire cms smart tag calls four first-level recommended articles, starting from the fourth article
Linux environment installation and configuration Elasticsearch7.17
Big Data processing architecture and Lambda Kappa architecture
Explore the top of the AI large model platform - Wenxin Qianfan
Beijing car PK10 lucky airship Guanya size and value of the odd and even tips
W3B x Sui Hacker House|In-depth understanding of Sui and Move language
Know almost Ko Chan: Chinese what any decent open source software products? (Finishing from my original answer)
Comprehensively improve AD domain security authentication | Zhuyun IDaaS
Android Update Engine Analysis (24) What happened when making the downgrade package?
Spark Architecture and Operating Mechanism (1) - System Architecture
Daily
More
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)

Code World

© 2018 codetd.com