Bill Meier wrote:
What I need to do is to be able to extract out a specific VoIP call using
UNISTIM that spans multiple capture files based on IP Address and
Source and/or Destination Port and possible a within a specific time frame.
Altho I haven't tried this, I think the following should work:
tshark -r <input file> -R <read filter> -f <output file>
(You might need to write a script to run tshark on each of multiple
files and then use mergecap to combine the output files).
See the tshark help or manpage for additional information.
I guess not (altho the error message is a bit weird):
Only read filters, not capture filters, can be specified when
reading a capture file.