I have 2 capture files that I would like to merge. One file has IEEE
802.3 Ethernet encapsulation and the other has Linux cooked capture
encapsulation.
I have been unsuccessful at merging them, trying things like,
"mergecap -T ether -w merge.cap eth.cap cooked.cap"
"mergecap -T linux-ssl merge.cap eth.cap cooked.cap"
.... but in the first case, only the eth.cap packets are correctly
dissected, and in the second case, only the cooked.cap packets are
correctly dissected.
Is it possible to merge these two files? If so, what are the options to
mergecap that would allow this to work correctly? If not, then what
would it take to be able to support this type of merge? I am willing to
work on this as long as it's possible to do and if someone could give me
a few tips/hints as to how to get started.
Thanks for your help,
Chris
-----------------------------------------
This email may contain confidential and privileged material for the
sole use of the intended recipient(s). Any review, use, retention,
distribution or disclosure by others is strictly prohibited. If you
are not the intended recipient (or authorized to receive for the
recipient), please contact the sender by reply email and delete all
copies of this message. Also, email is susceptible to data
corruption, interception, tampering, unauthorized amendment and
viruses. We only send and receive emails on the basis that we are
not liable for any such corruption, interception, tampering,
amendment or viruses or any consequence thereof.