Dario Lombardo <dario.lombardo.ml@...> writes:
> Hi listI was trying to change the code of tshark to support multiple -r
switches. The aim is to have many input files and one output file. Before
getting mad in changing it, I was wondering if it makes sense or not, and if
it was addressed before in some way.
>
> An example of use of it:
>
> tshark -r input1.pcap -r input2.pcap -r input3.pcap -Y
"dns.qry.name contains google" -o google.pcapThanks for your suggestions.
Why not just pipe the output of mergecap[1] to tshark?
[1]: http://www.wireshark.org/docs/man-pages/mergecap.html