[Dario Lombardo <dario.lombardo.ml@xxxxxxxxx>]

Another option could be to support stdin as input file in mergecap with an "append" switch. If mergecap whould support something like this

cat input1.pcap | mergecap -a - -w output.pcap

cat input2.pcap | mergecap -a - -w output.pcap

this would allow a user to do something like

for file in *.pcap

do

  tshark -r $file -Y "FILTER" -w - | mergecap -a - -w output.pcap

done

what about that?

On Thu, Sep 5, 2013 at 3:35 PM, Christopher Maynard <Christopher.Maynard@xxxxxxxxx> wrote:

Evan Huus <eapache@...> writes:

> You can even (I think) pipe from mergecap to tshark as follows:
>
>
> mergecap -w - in1.pcap in2.pcap in3.pcap | tshark -Y
"dns.qry.name contains google" -o google.pcap

Just a slight correction on the tshark command-line options needed (note the
"-i -"):

mergecap -w - in1.pcap in2.pcap in3.pcap | tshark -i - -Y "dns.qry.name
contains google" -o google.pcap


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe