On Wed, Mar 27, 2002 at 09:59:28PM -0800, Vincent Chen wrote:
> Can ethereal help to put several tcpdump files
> togather as a big one for analyzing?
No, but perhaps mergecap can:
% man mergecap
MERGECAP(1) The Ethereal Network Analyzer MERGECAP(1)
NAME
mergecap - Merges two capture files into one
SYNOPSYS
mergecap [ -hva ] [ -s snaplen ] [ -F file format ]
[ -T encapsulation type ] -w outfile infile ...
DESCRIPTION
Mergecap is a program that combines multiple saved capture
files into a single output file specified by the -w
argument. Mergecap knows how to read libpcap capture
files, including those of tcpdump, Ethereal, and other
tools that write captures in that format. In addition,
Mergecap can read capture files from [long boring list of
capture file types omitted].
By default, it writes the capture file in libpcap format,
and writes all of the packets in both input capture files
to the output file. The -F flag can be used to specify
the format in which to write the capture file; it can
write the file in [long boring list of capture file types
omitted].
Packets from the input files are merged in chronological
order based on each frame's timestamp, unless the -a flag
is specified. Mergecap assumes that frames within a
single capture file are already stored in chronological
order. When the -a flag is specified, packets are copied
directly from each input file to the output file,
independent of each frame's timestamp.
...
It comes with Ethereal.
I don't know whether "-a" means the files are concatenated, however.