Hi,
I have taken a capture on two different machines from an
in-line network tap (one to capture upstream, one to capture downstream data).
I now need to merge these files, but when I ask Wireshark to merge them chronologically,
it seems to merge them based on the initial time taken into the capture, not
the actual capture time.
I have tried to mitigate time differences by synching both
machines to an NTP server, but of course both captures are themselves started at
different times. How can I best accomplish what I want? I’ve had a look
at mergecap (as well as the inbuilt merge facility as shown above), but am not
sure if this will still do what I’m after.
As a side note, is it possible to “shut up” the
capturing machines from trying to send network traffic on the capturing
interfaces (Windows XP/Vista), so in effect they just listen?
Regards
Chris Swinney
Tel -
(01792) 411662
Email - swin@xxxxxxxxxxxxx
56 Dan-y-graig Rd
Port Tennant,
Swansea
SA1 8LZ