Wireshark-dev: Re: [Wireshark-dev] Query on loading packets using command line options
From: j.snelders@xxxxxxxxxx
Date: Mon, 22 Dec 2008 20:06:44 +0100
Hi Atdev,

You can replay the packets using Colasoft Packet Player and capture the traffic with TShark | Wireshark.
http://www.colasoft.com/download/products/packet_player.php

HTH
Joan

On Mon, 22 Dec 2008 18:56:01 +0530 atdev wrote:
>Hi All,
>
>Thanks for all your support.
>
>My new query: is it possible to create the traffic using the existing packets
>I have and capture them using Wireshark?
>What I mean exactly is: with the packets available with me, is it possible
>to create traffic within the system?
>And is it possible to run Wireshark in capture mode to capture the generated
>traffic?
>
>If yes, could anyone please explain to me how it can be done?
>
>regards,
>Atdev.
>
>________________________________
>
>From: wireshark-dev-bounces@xxxxxxxxxxxxx on behalf of j.snelders@xxxxxxxxxx
>Sent: Sat 12/20/2008 3:11 AM
>To: Developer support list for Wireshark
>Subject: Re: [Wireshark-dev] Query on loading packets using command line options
>
>On Fri, 19 Dec 2008 10:52:10 -0800 Gerald Combs wrote:
>>atdev.queries@xxxxxxxxx wrote:
>>> Hi All,
>>>
>>> Thanks Joan and Gerald.
>>>
>>> Both of your approaches worked.
>>> But my new query is:
>>> mergecap -w - file1.cap file2.cap | wireshark -k -i -
>>> shall give me the output unsaved; I need to explicitly save it.
>>> But what I need is to save it to the XXX location as specified and into multiple files of, say, 200KB.
>>>
>>> I don't know the no. of files I am merging. There may be a chance of "out
>>> of memory" when I load the merged output file. So it would be better if
>>> I could save them into smaller files.
>
>I don't know if I understand you correctly.
>Do you first want to merge 2 or more files and next split the outputfile
>into multiple files?
>If so:
>mergecap -w <outputfile> <inputfile> <inputfile>
>$ mergecap -w mergefile1_2.cap file1.cap file2.cap
>
>editcap -c <packets per file> <inputfile> <outputfile>
>$ editcap -c 200 mergefile1_2.cap split.cap
>
>Do you want to capture and write the output to multiple files?
>If so, you can use TShark, Dumpcap or Wireshark.
>TShark/Dumpcap -i <interface> -b <filesize:NUM - switch to next file after NUM KB> -a <files:NUM - stop after NUM files> -w <outputfile>
>$ dumpcap -i 2 -b filesize:200 -a files:2 -w F:\capturefiles\multiplefiles.cap
>
>Wireshark: Capture -> Options -> Use Multiple Files
>
>https://www.wireshark.org/docs/man-pages/mergecap.html
>https://www.wireshark.org/docs/man-pages/editcap.html
>https://www.wireshark.org/docs/man-pages/tshark.html
>
>>
>>Try feeding the output into dumpcap instead of Wireshark:
>>
>>mergecap -w - infile1.pcap infile2.pcap | dumpcap -i -w outfile -b filesize:200
>
>Doesn't work for me :(
>
>>
>>http://www.wireshark.org/docs/man-pages/dumpcap.html
>>
>>--
>>Join us for Sharkfest '09 | Stanford University, June 15 - 18
>>http://www.cacetech.com/sharkfest.09/
>
>Of course
>>
>>EARLY REGISTRATION DISCOUNTS through JANUARY 31, 2009
>>___________________________________________________________________________
>>Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
>>Archives: http://www.wireshark.org/lists/wireshark-dev
>>Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe