Wireshark · Wireshark-dev: Re: [Wireshark-dev] Query on loading packets using command line options

Wireshark-dev: Re: [Wireshark-dev] Query on loading packets using command line options

From: Gerald Combs <gerald@xxxxxxxxxxxxx>

Date: Fri, 19 Dec 2008 10:52:10 -0800

atdev.queries@xxxxxxxxx wrote:
> Hi All,
>  
> Thanks Joan and Gerald.
>  
> Both of your approaches worked.
> But my New query is
> mergecap -w - file1.cap file2.cap |wiresahrk -k -i -
> shall give me the output unsaved, i need to explicitly save it .
> But what i need is save it to the XXX location as specified and into multiple files of say 200KB.
>  
> I don't know the no.of files i am merging. There may be chance of "out of memory" when i load the merged output file. So it would be better if  I could save them into smaller files.

Try feeding the output into dumpcap instead of Wireshark:

mergecap -w - infile1.pcap infile2.pcap | dumpcap -i -w outfile -b filesize:200

http://www.wireshark.org/docs/man-pages/dumpcap.html

-- 
Join us for Sharkfest’09  |  Stanford University, June 15 – 18
http://www.cacetech.com/sharkfest.09/

EARLY REGISTRATION DISCOUNTS through JANUARY 31, 2009

Follow-Ups:
- Re: [Wireshark-dev] Query on loading packets using command line options
  - From: j . snelders

References:
- Re: [Wireshark-dev] Query on loading packets using command line options
  - From: j . snelders
- Re: [Wireshark-dev] Query on loading packets using command line options
  - From: atdev.queries

Prev by Date: Re: [Wireshark-dev] [Wireshark-bugs] [Bug 3138] New: Buildbot crash output: fuzz-2008-12-18-2313.pcap
Next by Date: Re: [Wireshark-dev] Query on loading packets using command line options
Previous by thread: Re: [Wireshark-dev] Query on loading packets using command line options
Next by thread: Re: [Wireshark-dev] Query on loading packets using command line options
Index(es):
- Date
- Thread